wishes for improved digest handling
mailinglisten at hauke-laging.de
Wed Jun 19 02:41:54 CEST 2013
1) I just noticed that you can enforce the sender to make a SHA-1 signature
(if he also encrypts the message) by clearing the digest preferences (or
setting it to SHA-1 only). I am aware that this is done in compliance with the
RfC. I just want to suggest that a warning is issued if a digest is used which
is not listed in --personal-digest-preferences.
2) I would also like to suggest to allow the usage of --recipient with --sign
(without --encrypt) because it makes sense. The digest compatibility checking
is not related to the encryption so IMHO it doesn't make sense not to allow it
without encryption. If recipients are given for a signing operation then the
result should be that a digest is chosen which is explicitly compatible with
all intended users of the signature. The code is already there. Even the case
"--recipient without --encrypt" is detected. Thus this should be a quite small
change to the code (replace the warning by calling the digest selection).
3) Last wish: I would like to have an option for explicitly forbidding the use
of certain ciphers or digests. This affects only those which are defined in
the standard as fallback (a mistake which should be avoided in the next
OpenPGP version). I don't see any sense in optimizing a crypto application for
compatibility instead of security.
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 572 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users