restrict the set of accepted digest algorithms
Robert J. Hansen
rjh at sixdemonbag.org
Tue Feb 10 18:52:13 CET 2015
> I think this (quite widespread) attitude is one of the reasons GnuPG is
> less often used than it would be possible. (I am speaking about a
> social phenomen here).
What fraction of computer users even know about GnuPG? Call that A.
What fraction of GnuPG-aware users understand crypto enough to have a
basic understanding? Call that B.
What fraction of crypto-aware users can give an intelligent, informed
opinion about the Standard's use of SHA-1 and whether that's a good
thing? Call that C.
What fraction of informed users with a strong opinion on the subject
think the Standard's continued use of SHA-1 is a compelling reason to
avoid it entirely, when there is no real alternative? (S/MIME has the
exact same problem, after all; just worse.) Call that D.
A * B * C * D = the fraction of the potential userbase you've alienated.
B * C * D = the fraction of the current GnuPG userbase you've alienated.
IMO, this is not an issue worth discussing.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
More information about the Gnupg-devel