Re: [openpgp] SHA-2 support should be mandatory – change defaults

Doug Barton dougb at dougbarton.us
Thu Aug 14 07:20:05 CEST 2014


On 08/12/2014 08:41 PM, David Shaw wrote:
> Maybe the answer is to remove the things to generate PGP 2 messages specifically, and leave the other stuff?

Yes please. :)

Not being able to encrypt/sign with PGP 2 at this point is totally 
reasonable. Not being able to decrypt/verify leads to toolchain 
complications down the road for people with such archives, and sends a 
dangerous message that we're not serious about backwards compatibility.

Doug




More information about the Gnupg-users mailing list