SHA-1 recommendations

David Shaw dshaw at
Tue May 19 01:24:17 CEST 2009

On May 18, 2009, at 1:49 PM, Daniel Kahn Gillmor wrote:

> On 05/18/2009 01:21 PM, David Shaw wrote:
>> Understood, but I believe the quote from me that was used was from  
>> that
>> context, so I wanted to make that context clear.  I don't really  
>> favor
>> this sort of "here's how to transition everyone" document.
> I think that Robert started the document in an attempt to address your
> earlier concern that there was a lot of bad advice floating around on
> the 'net:
> Are you saying that you think such a document is a bad idea in  
> general,
> and you'd never consider endorsing such a thing?

"Never" is perhaps too strong, but in for this particular issue, yes,  
I do think it's a less than good idea.  It puts forth a confusing  
message where GPG says one thing, but this additional document says  
something else.  If I felt that these sorts of actions were necessary,  
I'd argue to change the defaults in GPG and not use a secondary  
document at all.

> Is there a better way to address the legitimate concern you've raised?

The documents I've seen thus far all seem to read (with varying levels  
of severity) "You're at risk.  Do this to not be at risk any longer."   
I'd prefer a document that says "We think you're fine if you do  
nothing.  If we thought you were at risk, we'd take action.  We're  
happy to teach you about the issues so you can determine for yourself  
whether you agree with us or not."  Which raises the question why a  
document is needed, since that's the normal case for GPG.

I don't know how that concern can be addressed, really.  I think there  
is fairly substantial disagreement on how severe the problem is, which  
is a fine thing as it makes people re-examine what they do believe,  
but it also makes it hard to come up with a document that would make  
everyone happy.

>> Not all users of OpenPGP use the keyservers or even participate in  
>> the
>> web of trust.  It's also used in various environments where keys are
>> traded manually.
> True.  For those who do not participate in the WoT, the choice of
> cert-digest-algo is irrelevant, though (they don't interpret
> certificates at all), so we can ignore those people in this  
> consideration.

That is unfortunately not true.  Just because they don't make their  
keys part of the public web of trust doesn't mean they don't certify  
each other.


More information about the Gnupg-devel mailing list