scope of standard authority (was: Re: How to "activate" gpg.conf entries?)
Hauke Laging
mailinglisten at hauke-laging.de
Wed Jul 11 17:09:06 CEST 2012
Am Mi 11.07.2012, 16:54:27 schrieb Kristian Fiskerstrand:
> Note that as per RFC4880 this will still not remove SHA1[0: 13.3.2.]
> or 3DES[0: 13.2.], as these are appended tacitly to be able to ensure
> a matching set between implementations.
Does it make sense that a standard overrides a user's decision to prefer
security over compatibility (sure, you can still check afterwards what has
happened but that can be difficult especially if gpg is not used directly but
called by a MUA e.g.)? As someone stated here recently, he would rather not
make a signature at all than one which he considers unsafe.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20120711/aecdab1e/attachment.pgp>
More information about the Gnupg-users
mailing list