GPG on Windows 7?
J. Ottosson
j-001 at ottosson.nu
Wed Nov 17 19:27:38 CET 2010
On 17 Nov 2010 at 11:46, Robert J. Hansen wrote:
> It is deprecated in the minds of some people, but that's not the same as
> it being deprecated. RFC3156 (which most people cite when talking about
> inline PGP being deprecated) has been out of date for quite some time and
> is not all that compatible with RFC4880.
>
> For instance, from RFC3156, "OpenPGP signed data":
>
>
> "Currently defined values are 'pgp-md5', 'pgp-sha1',
> 'pgp-ripemd160', 'pgp-md2', 'pgp-tiger192', and
> 'pgp-haval-5-160'."
>
>
> Strict RFC3156 conformance means the only two GnuPG hashes you can use are
> SHA-1 and RIPEMD-160, neither of which has strong long-term prospects.
> This, alone, should be enough for us to say RFC3156 should not be
> considered normative of PGP usage.
>
> Speaking only for myself, I consider RFC4880 normative, and RFC3156
> obsolescent.
You are indeed not only speaking for yourself on this matter.
/J
More information about the Gnupg-users
mailing list