--blacklist-digest-algo plans [was: Re: un-trusting MD5 in gpg]

David Shaw dshaw at jabberwocky.com
Thu May 7 19:25:07 CEST 2009

On May 7, 2009, at 12:11 PM, Daniel Kahn Gillmor wrote:

> While we're defining this, do we want to also define
> --blacklist-cipher-algo ?  Semantically, i imagine that adding a cipher
> to the blacklist would result in the following:
> * nothing would ever be encrypted over the blacklisted cipher
> * when decrypting data encrypted by a blacklisted cipher, gpg would
> emit a warning.

We effectively have this now.  If you take the cipher out of both your
on-key preferences and your personal-cipher-preferences, then other
people will not use it when encrypting to you, and you will not use it
when encrypting to other people.  GPG will even print a warning if
someone uses it to encrypt to you ("WARNING: cipher algorithm
such-and-such not found in recipient preferences").

The only difference I see between this and a possible
blacklist-cipher-algo is that presumably you could blacklist 3DES, which
you can't remove from preferences.
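
Added example (not part of the original message, and not GnuPG's code): a simplified Python model of the preference behaviour described above, including the implicit 3DES entry that RFC 4880 appends to every preference list. The function names and sample preference lists are constructed, and the model assumes the sender only ever picks from its own personal list plus the implicit 3DES.

```python
# Simplified model of OpenPGP symmetric-cipher selection by preferences.
# Illustration only: function names and sample lists are constructed.

IMPLICIT = "3DES"  # RFC 4880: implicitly at the end of every preference list


def effective_prefs(prefs):
    """Return a preference list with the implicit 3DES entry appended."""
    prefs = list(prefs)
    return prefs if IMPLICIT in prefs else prefs + [IMPLICIT]


def choose_cipher(personal_prefs, recipient_prefs_list):
    """Pick a cipher every recipient accepts, in the sender's own order.

    Assumption: the sender never uses a cipher outside its personal list
    (plus implicit 3DES), which is the outcome the message describes.
    """
    common = set(effective_prefs(recipient_prefs_list[0]))
    for prefs in recipient_prefs_list[1:]:
        common &= set(effective_prefs(prefs))
    # 3DES is in every effective list, so a match always exists.
    return next(a for a in effective_prefs(personal_prefs) if a in common)


def decrypt_warning(cipher_used, own_key_prefs):
    """Return the warning quoted in the message, or None if the cipher is listed."""
    if cipher_used in effective_prefs(own_key_prefs):
        return None
    return (f"WARNING: cipher algorithm {cipher_used} "
            "not found in recipient preferences")


if __name__ == "__main__":
    # Sender dropped CAST5; the only overlap with this recipient is implicit 3DES.
    print(choose_cipher(["AES256", "AES"], [["CAST5"]]))
    # Someone encrypts to us with a cipher we removed from our key preferences.
    print(decrypt_warning("CAST5", ["AES256", "AES"]))
    # 3DES cannot be removed this way, so it never triggers the warning.
    print(decrypt_warning("3DES", ["AES256", "AES"]))
```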

