Proposal: config for weak, normal, strong algos
Bernhard Reiter
bernhard at intevation.de
Mon Mar 21 16:18:05 CET 2016
On Thursday 10 March 2016 at 17:17:04, Bernhard Reiter wrote:
> attached a proposal to help dealing with environments
> where a crypto policy strongly prefers or rejects some algos.
> It is an idea of generalisation of what we (Intevation and g10code)
> may need for the https://wiki.gnupg.org/Gpg4vsnfd2015 contract.
>
> What do you think?
No feedback so far, but Werner told me, that he
a) does not like wording "strong" because it somehow implies
the algorithms in the "normal" group are less strong.
As a generalisation we could coin this "restricted" group
or "policy" group.
b) prefers one option that defines a fixed set of algos for the
"restricted" group, instead of too many configuration options
that would allow to combine algos that do go well togethers.
Maybe hardcoding is the way to go, so the "restricted" group
could be defined by an option like "--vs-nfd" for what the German
government things is in their "restricted" group.
In addition I think:
c) if we go with more configuration options
and thus being more general, we could add an options to name the group
like {{{--algo-policy-name=VS-NfD}}} .
Best Regards,
Bernhard
--
www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160321/246dbdb3/attachment.sig>
More information about the Gnupg-devel
mailing list