SHA-1 recommendations

David Shaw dshaw at
Tue May 19 00:48:54 CEST 2009

On May 18, 2009, at 6:32 PM, Robert J. Hansen wrote:

> David Shaw wrote:
>> No, I was agreeing with you.  Robert saw a conflict, but I don't.
> Not so much a conflict as a let's-not-be-hasty.  According to the  
> spec,
> it must be an ordered preference list, but the other guy isn't  
> required
> to treat it as anything other than a capability set.
> I understand GnuPG treats it as a preference list.  I'm in favor of it
> being treated as a preference list.  However, the other guy is free to
> interpret our preferences as being simply a capability set.  This  
> makes
> me think we should be cautious about assuming he will view them as a
> preflist: the spec explicitly allows him to treat it as a capset.
> I don't think this is very controversial, really.

Nor I.  I don't see that this makes any difference in practice for us:  
there is no harm in treating it as a preference list.  If we rank the  
algorithms in order, and the other guy treats it as a preference list,  
we're all set.  If the other guy treats it as a capability set, then  
we're no worse off then we'd be otherwise.


More information about the Gnupg-devel mailing list