SHA-1 recommendations

Robert J. Hansen rjh at
Tue May 19 00:32:45 CEST 2009

David Shaw wrote:
> No, I was agreeing with you.  Robert saw a conflict, but I don't.

Not so much a conflict as a let's-not-be-hasty.  According to the spec,
it must be an ordered preference list, but the other guy isn't required
to treat it as anything other than a capability set.

I understand GnuPG treats it as a preference list.  I'm in favor of it
being treated as a preference list.  However, the other guy is free to
interpret our preferences as being simply a capability set.  This makes
me think we should be cautious about assuming he will view them as a
preflist: the spec explicitly allows him to treat it as a capset.

I don't think this is very controversial, really.

More information about the Gnupg-devel mailing list