restrict the set of accepted digest algorithms

Robert J. Hansen rjh at
Tue Feb 10 18:52:13 CET 2015

> I think this (quite widespread) attitude is one of the reasons GnuPG is
> less often used than it would be possible. (I am speaking about a
> social phenomen here).

It's not.

What fraction of computer users even know about GnuPG?  Call that A.

What fraction of GnuPG-aware users understand crypto enough to have a
basic understanding?  Call that B.

What fraction of crypto-aware users can give an intelligent, informed
opinion about the Standard's use of SHA-1 and whether that's a good
thing?  Call that C.

What fraction of informed users with a strong opinion on the subject
think the Standard's continued use of SHA-1 is a compelling reason to
avoid it entirely, when there is no real alternative?  (S/MIME has the
exact same problem, after all; just worse.)  Call that D.

A * B * C * D = the fraction of the potential userbase you've alienated.

B * C * D = the fraction of the current GnuPG userbase you've alienated.

IMO, this is not an issue worth discussing.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20150210/907a5cb3/attachment.bin>

More information about the Gnupg-devel mailing list