why is SHA1 used? How do I get SHA256 to be used?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jul 12 18:59:47 CEST 2012
On 07/12/2012 08:16 AM, Werner Koch wrote:
> On Wed, 11 Jul 2012 22:55, nicholas.cole at gmail.com said:
>
>> But one thing that might be helpful to explain is this: what needs to
>> be in the V5 key format aside from the change in fingerprint hash?
>> Aside from that issue, the V4 key format seems to have been resilient.
>> What are the other issues that need to be addressed?
>
> We need to check the WG archives for a list. What I can remember are:
>
> - A new fingerprint scheme
>
> - A hard (non-changeable) expiration time
>
> - A different way to express timestamps (Y2038 annoyance and the hard
> Y2106 problem). An 8601 timestamp string should do.
>
> - Get rid of the old and optional protection schemes or even switch to a
> modern standard one.
>
> There are related things we need to change for signatures packets. It
> might also be a good time to replace PKCS#1.5,
some other points (from memory):
* Issuer subpacket should use a full fingerprint, rather than a short keyID
* designated revoker signature should embed full key instead of
fingerprint.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120712/2e47967e/attachment.pgp>
More information about the Gnupg-users
mailing list