SHA-1 recommendations
David Shaw
dshaw at jabberwocky.com
Tue May 19 00:48:54 CEST 2009
On May 18, 2009, at 6:32 PM, Robert J. Hansen wrote:
> David Shaw wrote:
>> No, I was agreeing with you. Robert saw a conflict, but I don't.
>
> Not so much a conflict as a let's-not-be-hasty. According to the
> spec,
> it must be an ordered preference list, but the other guy isn't
> required
> to treat it as anything other than a capability set.
>
> I understand GnuPG treats it as a preference list. I'm in favor of it
> being treated as a preference list. However, the other guy is free to
> interpret our preferences as being simply a capability set. This
> makes
> me think we should be cautious about assuming he will view them as a
> preflist: the spec explicitly allows him to treat it as a capset.
>
> I don't think this is very controversial, really.
Nor I. I don't see that this makes any difference in practice for us:
there is no harm in treating it as a preference list. If we rank the
algorithms in order, and the other guy treats it as a preference list,
we're all set. If the other guy treats it as a capability set, then
we're no worse off then we'd be otherwise.
David
More information about the Gnupg-devel
mailing list