[PATCH] avoid publishing the GnuPG version by default
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Aug 5 19:27:53 CEST 2016
On Fri 2016-08-05 12:27:33 -0400, Werner Koch wrote:
> On Fri, 5 Aug 2016 16:36, dkg at fifthhorseman.net said:
>
>> Yep. And Hash: isn't necessary (nor is it generated) when doing
>> detached signatures or PGP/MIME signatures anyway (the PGP/MIME
>> multipart/signed content-type has a micalg= parameter that achieves the
>
> micalg is a problem by itself: For example it does only allow for one
> algorithm. It is also problematic from the processing model because you
> need to do a trial signature to figure out the algorithm which will be
> used. And it is often not correctly set, thus for detached signatures
> in streaming mode you may better guess the hash algorithm first.

hm, i hadn't realized those drawbacks. thanks for the explanation.
Maybe if you can guess the hash algorithm already and it works, it makes
sense to just do that anyway (or be willing to fall back to multi-pass
signature verification).
--dkg
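
The trade-off discussed in this thread, as an added example that is not part of the original message or of GnuPG's code: a verifier that treats `micalg` only as a hint, hashes the streamed data once with several guessed algorithms, and reports when it must fall back to a second pass. The function names, the default guess list and the sample header are assumptions made for illustration; binary-mode signatures are assumed.

```python
import hashlib
from email.message import Message

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) mapped to hashlib names.
OPENPGP_HASHES = {2: "sha1", 8: "sha256", 9: "sha384", 10: "sha512", 11: "sha224"}
# Guesses used when micalg is absent or unusable (an assumption of this sketch).
DEFAULT_GUESSES = ("sha256", "sha512", "sha1")


def candidates(content_type):
    """Order the algorithms to hash with: a usable micalg hint first, then guesses."""
    msg = Message()
    msg["Content-Type"] = content_type
    raw = msg.get_param("micalg")
    hint = raw.lower().removeprefix("pgp-") if isinstance(raw, str) else ""
    ordered = [hint] if hint in OPENPGP_HASHES.values() else []
    ordered += [g for g in DEFAULT_GUESSES if g not in ordered]
    return ordered


def hash_stream(chunks, names):
    """Single pass: feed every chunk to one open hash context per candidate."""
    ctxs = {name: hashlib.new(name) for name in names}
    for chunk in chunks:
        for ctx in ctxs.values():
            ctx.update(chunk)
    return ctxs


def select_context(ctxs, sig_hash_id):
    """Return the context matching the signature packet's hash ID, or None.

    None means the guess missed and the data must be read again (multi-pass).
    The context is returned unfinalized: OpenPGP hashes the signature's own
    trailer after the data, so the caller still has to update() it with that.
    """
    return ctxs.get(OPENPGP_HASHES.get(sig_hash_id))


if __name__ == "__main__":
    # Constructed sample header and body, not taken from a real message.
    header = 'multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"'
    ctxs = hash_stream([b"hello ", b"world"], candidates(header))
    # The signature packet (read after the data) says SHA-256, not the hinted SHA-1.
    ctx = select_context(ctxs, 8)
    print("second pass needed" if ctx is None else "matched " + ctx.name)
```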