scope of standard authority
Robert J. Hansen
rjh at sixdemonbag.org
Wed Jul 11 17:13:46 CEST 2012
On 7/11/2012 11:09 AM, Hauke Laging wrote:
> Does it make sense that a standard overrides a user's decision to prefer
> security over compatibility (sure, you can still check afterwards what has
> happened but that can be difficult especially if gpg is not used directly but
> called by a MUA e.g.)?
Yes.
The entire point of a standard is to allow interoperation. That means
there has to be some final fallback mode. SHA-1 is that fallback mode.
With luck we'll see this get changed once the new hash standard is
announced.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120711/dd676e33/attachment-0001.pgp>
More information about the Gnupg-users
mailing list