Hash selection defaults
David Shaw
dshaw@jabberwocky.com
Fri Oct 11 14:14:01 2002
On Thu, Oct 10, 2002 at 08:08:58PM +0200, Simon Josefsson wrote:
> Any chance the hash guessing defaults could be modified to work on
> messages without "Hash: FOO"? I guess it would require hashing data
> using all supported algorithms. Or is the sender non-conformant
> somehow?
The sender is non-conformant. RFC2440 dictates that the Hash header
is present, and if it is not then MD5 is the hash.
> Verifying the message below generates the following:
>
> gpg: Signature made Tue Oct 8 11:49:54 2002 CEST using DSA key ID 797A9091
> gpg: WARNING: signature digest conflict in message
I added this warning message for this exact case. Perhaps it should
be something stronger than a "WARNING" :)
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson