Personal prefs

David Shaw
Thu Nov 21 23:00:01 2002

On Thu, Nov 21, 2002 at 09:30:58PM +0100, Werner Koch wrote:
> On Thu, 21 Nov 2002 08:10:56 -0500, David Shaw said:
> > sign+symencrypt would be taken from personal-digest-preferences.
> > sign+encrypt is unchanged.  The user can then set their preferred hash
> > in one place and GnuPG will use it when it can (sign-only,
> I see and I hope that it will not be used too often.  There is no
> advantage in using an optional hash algorithm.  Widespread use will
> get us into the S/MIME incompatibilty mill.

Yes.  I'm not too worried about this particular feature as it doesn't
give a user the abilility to do anything they couldn't do already
(after all, they could just set --digest-algo), but it does make it
easier to do this.  I thought about suggesting an option to set a hash
algorithm for just sign-only and sign+symencrypt (so it would not
override the hash chosen for sign+encrypt), but I wonder if that would
be more confusing than helpful.

Maybe it would be worthwhile to add a note to the manual about
algorithm choices and the need to be compatible with the rest of the
world.  Something like:


  GnuPG tries to be a flexible implementation of the OpenPGP
  standard.  In particular, GnuPG implements many of the "optional"
  parts of the standard, such as the RIPEMD/160 hash, and the ZLIB
  compression algorithms.  By default, GnuPG will not create a message
  that a recipient cannot handle, but it is important to be aware that
  not all OpenPGP programs implement these optional algorithms and
  that by forcing their use via the --cipher-algo, --digest-algo, or
  --compress-algo features in GnuPG, it is possible to create a
  perfectly valid OpenPGP message, but one that cannot be read by the


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson