SHA-1 recommendations
David Shaw
dshaw at jabberwocky.com
Mon May 18 20:16:23 CEST 2009
On May 18, 2009, at 2:04 PM, Daniel Kahn Gillmor wrote:
> On 05/18/2009 01:31 PM, David Shaw wrote:
>> I agree with you, except for the "exhaustive" part. I see no wording
>> that states or even suggests that all possible algorithms supported
>> need
>> to be listed.
>
> This is the line in question (split across pages in the RFC):
>
> It is assumed that only algorithms listed are supported by the
> recipient's software.
i.e. don't list it if you don't support it.
Since both PGP and GPG managed to read it the same way, and there is
also a discussion as to what happens if if an implementation gets a
message using an algorithm it doesn't list (something that would not
be possible if all algorithms were listed), I don't think there is all
that much confusion in the community as to what this means.
David
More information about the Gnupg-devel
mailing list