--blacklist-digest-algo plans [was: Re: un-trusting MD5 in gpg]
David Shaw
dshaw at jabberwocky.com
Thu May 7 19:25:07 CEST 2009
On May 7, 2009, at 12:11 PM, Daniel Kahn Gillmor wrote:
> While we're defining this, do we want to also define
> --blacklist-cipher-algo ? Semantically, I imagine that adding a cipher
> to the blacklist would result in the following:
>
> * nothing would ever be encrypted over the blacklisted cipher
> * when decrypting data encrypted by a blacklisted cipher, gpg would
>   emit a warning.

We effectively have this now. If you take the cipher out of both your
on-key preferences and your personal-cipher-preferences, then other
people will not use it when encrypting to you, and you will not use it
when encrypting to other people. GPG will even print a warning if
someone uses it to encrypt to you ("WARNING: cipher algorithm
such-and-such not found in recipient preferences").

The only difference I see between this and a possible
blacklist-cipher-algo is that presumably you could blacklist 3DES,
which you can't remove from preferences.

David
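
A simplified model of the preference behaviour described in the message above, added here as an illustration; it is not code from GnuPG or from the poster. The function names and sample preference lists are constructed, and the implicit 3DES rule follows RFC 4880 section 13.2.

```python
# Simplified model of OpenPGP cipher negotiation (assumption: not GnuPG's real selection code).
TRIPLE_DES = "3DES"  # RFC 4880 sec. 13.2: tacitly at the end of every preference list


def effective_prefs(prefs):
    """Preference list as a peer interprets it: 3DES is always present."""
    prefs = list(prefs)
    return prefs if TRIPLE_DES in prefs else prefs + [TRIPLE_DES]


def select_cipher(personal_prefs, recipients_prefs):
    """Pick a cipher every recipient accepts, favouring the sender's own order."""
    lists = [effective_prefs(p) for p in recipients_prefs]
    common = [a for a in lists[0] if all(a in other for other in lists[1:])]
    for algo in personal_prefs:
        if algo in common:
            return algo
    return common[0]  # never empty: 3DES is in every effective list


def decrypt_warning(cipher, my_key_prefs):
    """Warning text quoted in the message, or None if the cipher is acceptable."""
    if cipher in effective_prefs(my_key_prefs):
        return None
    return f"WARNING: cipher algorithm {cipher} not found in recipient preferences"


# Constructed sample data: Alice has dropped CAST5 from her on-key
# preferences and from her personal-cipher-preferences.
ALICE_KEY = ["AES256", "AES"]
ALICE_PERSONAL = ["AES256", "AES"]
BOB_KEY = ["CAST5", "AES256"]
BOB_PERSONAL = ["CAST5", "AES256"]
CAROL_KEY = ["TWOFISH"]

if __name__ == "__main__":
    # Bob prefers CAST5, but Alice's key does not list it.
    print("Bob -> Alice:", select_cipher(BOB_PERSONAL, [ALICE_KEY]))
    # Alice never picks CAST5 even though Bob's key allows it.
    print("Alice -> Bob:", select_cipher(ALICE_PERSONAL, [BOB_KEY]))
    # A sender that ignores preferences triggers the warning on decryption.
    print(decrypt_warning("CAST5", ALICE_KEY))
    # No overlap between recipients: the implicit 3DES entry is chosen,
    # and Alice cannot make it produce a warning by editing preferences.
    print("Bob -> Alice+Carol:", select_cipher(BOB_PERSONAL, [ALICE_KEY, CAROL_KEY]))
    print(decrypt_warning("3DES", ALICE_KEY))
```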