Personal prefs
David Shaw
dshaw@jabberwocky.com
Thu Nov 21 14:10:02 2002
On Thu, Nov 21, 2002 at 10:28:33AM +0100, Werner Koch wrote:
> On Wed, 20 Nov 2002 12:18:32 -0500, David Shaw said:
>
> > I see the problem though. Perhaps it would be good to have
> > --digest-algo default to the most highly ranked
> > --personal-digest-preferences value instead of SHA1. Then it would be
> > possible to put it into the gpg.conf file without running the risk of
> > using a hash that the recipient coult not use.
>
> SHA1 is a MUST algorithm; it is the only one all OpenPGP
> implementations must have in common.
Of course. This would not change that. The issue is that currently
personal-digest-preferences works only if there is a recipient
(i.e. encrypt+sign). The user must use digest-algo to set the digest
for sign-only and sign+symencrypt. This is not desirable since
digest-algo overrides ALL digests and therefore cannot be used in the
config file due to possibility of forcing a digest the recipient can't
handle. There is no way to safely just set the desired value, so
users must remember to change the digest value each time they sign.
With this change, if the user hadn't set digest-algo, but had set
personal-digest-preferences, the digest-algo for sign-only and
sign+symencrypt would be taken from personal-digest-preferences.
sign+encrypt is unchanged. The user can then set their preferred hash
in one place and GnuPG will use it when it can (sign-only,
sign+symencrypt), and won't when it would violate the spec
(sign+encrypt if the recipient can't handle it).
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson