Hash selection defaults

David Shaw dshaw@jabberwocky.com
Fri Oct 11 14:14:01 2002

On Thu, Oct 10, 2002 at 08:08:58PM +0200, Simon Josefsson wrote:
> Any chance the hash guessing defaults could be modified to work on
> messages without "Hash: FOO"?  I guess it would require hashing data
> using all supported algorithms.  Or is the sender non-conformant
> somehow?

The sender is non-conformant.  RFC2440 dictates that the Hash header
is present, and if it is not then MD5 is the hash.

> Verifying the message below generates the following:
> gpg: Signature made Tue Oct  8 11:49:54 2002 CEST using DSA key ID 797A9091
> gpg: WARNING: signature digest conflict in message

I added this warning message for this exact case.  Perhaps it should
be something stronger than a "WARNING" :)


   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson