Best Practices

Robert J. Hansen rjh at sixdemonbag.org
Tue Dec 14 02:28:24 CET 2010


On 12/13/2010 4:40 PM, Daniel Kahn Gillmor wrote:
> i agree.  That's why i've been proposing that people transition to new
> algorithms without trying to wait for a format change that is likely to
> take years to even begin, plus many more years to complete.

And no one is arguing against this.  All people are arguing against is,
"I want to migrate to a new certificate in order to avoid SHA-1."  To
the extent it is possible to avoid SHA-1, it can be avoided today
without migrating to a new cert; and for the rest, it cannot be avoided
today even if one migrates to a new cert.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5598 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20101213/a5277786/attachment.bin>


More information about the Gnupg-users mailing list