Re: [openpgp] SHA-2 support should be mandatory – change defaults

David Shaw dshaw at jabberwocky.com
Tue Aug 12 00:08:35 CEST 2014


On Aug 11, 2014, at 1:31 PM, Johan Wevers <johanw at vulcan.xs4all.nl> wrote:

> On 11-08-2014 8:49, Robert J. Hansen wrote:
> 
>> On Enigmail, I recently had a frustrating
>> experience helping a user who was trying to use GnuPG to exchange
>> traffic with a PGP *2.6* user... a codebase which is about 20 years old now.
> 
> Fixing the packet order when --pgp2 or --rfc1991 are used would help a
> lot. And now I assume that pgp 2 will not pass away before the
> generation that was on the internet in the 1990's lies in the grave.

Rather than fixing RFC-1991 support, why not go in the other direction and make it clear that it isn't supported, and won't work?  I did a bunch of work to make --pgp2 work well and interoperate with PGP 2.x over a decade ago.  Even then it was intended as a stopgap measure until people finally stopped using PGP 2.x.  Over 10 years later, it's well past time to kill it.

David




More information about the Gnupg-users mailing list