[PATCH] Make update_keysig_packet honour cert-digest-algo
dshaw at jabberwocky.com
Tue May 12 19:27:15 CEST 2009
On May 12, 2009, at 12:51 PM, Daniel Kahn Gillmor wrote:
> If gpg wants its generated self-signatures to be acceptable to members
> of both of these sets, it must issue two signatures (one over each
> digest). You cannot issue two self-sigs like this in gpg right now
> without the --expert option, which indicates that it's probably the
> wrong way to do things.
I do understand what you are asking for. I just disagree that it is
warranted for SHA-1 at this time. This is not a perfect world where
as soon as there was a question even asked about an algorithm, we
could just shove it aside and use something else. This is a very
messy world where the vast majority of users don't upgrade, don't use
the latest algorithms, and don't even understand the problem.
There are tools within GPG to accomplish what you want to do today.
It may not be as neat as a new feature, but you, nor anyone else who
feels the need to do this, are not being blocked for lack of this
Again, if we were in the position of changing digest hashes more often
than once a decade, I might feel differently about some spiffy new
feature to automate it, but this is the first time it's been necessary
More information about the Gnupg-devel