Re: [openpgp] SHA-2 support should be mandatory – change defaults
David Shaw
dshaw at jabberwocky.com
Thu Aug 14 13:23:06 CEST 2014
On Aug 13, 2014, at 3:56 AM, Werner Koch <wk at gnupg.org> wrote:
>> state. One place that comes to mind is in --gen-revoke. GPG can
>> import a bare revocation certificate. No version of PGP can, so there
>> is code to push out a minimal public key before the revocation
>> certificate. We'd need to add some sort of flag to indicate to
>> include the minimal public key, and that's sort of reinventing --pgp
>
> That is
>
>   if (keyblock && (PGP2 || PGP6 || PGP7 || PGP8))
>     {
>       /* Use a minimal pk for PGPx mode, since PGP can't import bare
>          revocation certificates. */
>       rc = export_minimal_pk (out, keyblock, sig, NULL);
>
> Thus removing PGP2 won't harm.
>
>> Maybe the answer is to remove the things to generate PGP 2 messages
>> specifically, and leave the other stuff? That feels a bit messy.
>
> Actually this was my idea. However, signature verification has some
> kludges for PGP2 and we could consider to remove that too. IIRC, this
> is not even controlled by an option.

I agree. But I wasn't clear enough - the "other stuff" I'm referring to above is the (PGP6 || PGP7 || PGP8). That is, removing --pgp2 and leaving the others. On second consideration, though, the --pgpX options are at least theoretically OpenPGPish (some more than others!), so having those options stay is reasonable.

David
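
Added example, not part of the original message and not GnuPG code: a small classifier that walks OpenPGP packet headers (RFC 4880 layout) and reports whether a key revocation signature arrives bare or after a public-key packet, which is the distinction the thread says decides whether PGP can import the certificate. The names `parse_header` and `classify_revcert` and the sample bytes are assumptions made for this illustration; five-octet, partial and indeterminate lengths are not handled and are reported as malformed.

```c
#include <stddef.h>
#include <stdint.h>

enum { PKT_SIGNATURE = 2, PKT_PUBLIC_KEY = 6, SIG_KEY_REVOCATION = 0x20 };
enum revcert_kind { REV_MALFORMED = -1, REV_NONE, REV_BARE, REV_WITH_KEY };

/* Constructed samples: bodies are truncated to the fields read below. */
static const uint8_t SAMPLE_BARE[] = { 0x88, 0x03, 0x04, 0x20, 0x01 };
static const uint8_t SAMPLE_WITH_KEY[] = {
    0x98, 0x06, 0x04, 0, 0, 0, 0, 0x01,       /* public-key packet (tag 6) */
    0x88, 0x03, 0x04, 0x20, 0x01 };           /* v4 signature, type 0x20 */

/* Parse one packet header. Returns the header length, or 0 if the header
   is truncated or uses a length form this example does not handle. */
static size_t parse_header(const uint8_t *p, size_t n, int *tag, size_t *body)
{
    if (n < 2 || !(p[0] & 0x80)) return 0;
    if (p[0] & 0x40) {                        /* new format */
        *tag = p[0] & 0x3f;
        if (p[1] < 192) { *body = p[1]; return 2; }
        if (p[1] >= 224 || n < 3) return 0;
        *body = ((size_t)(p[1] - 192) << 8) + p[2] + 192;
        return 3;
    }
    size_t nlen = (size_t)1 << (p[0] & 3);    /* old format: 1, 2 or 4 octets */
    if ((p[0] & 3) == 3 || n < 1 + nlen) return 0;
    *tag = (p[0] >> 2) & 0x0f;
    *body = 0;
    for (size_t i = 1; i <= nlen; i++) *body = (*body << 8) | p[i];
    return 1 + nlen;
}

enum revcert_kind classify_revcert(const uint8_t *buf, size_t len)
{
    int tag = 0, seen_key = 0;
    size_t off = 0, hdr, body = 0;
    while (off < len) {
        hdr = parse_header(buf + off, len - off, &tag, &body);
        if (hdr == 0 || body > len - off - hdr) return REV_MALFORMED;
        const uint8_t *b = buf + off + hdr;
        if (tag == PKT_PUBLIC_KEY) seen_key = 1;
        /* Signature type: octet 1 of a v4 body, octet 2 of a v3 body. */
        if (tag == PKT_SIGNATURE && body >= 3 &&
            ((b[0] == 4 && b[1] == SIG_KEY_REVOCATION) ||
             (b[0] == 3 && b[2] == SIG_KEY_REVOCATION)))
            return seen_key ? REV_WITH_KEY : REV_BARE;
        off += hdr + body;
    }
    return REV_NONE;
}
```

The input must be binary packet data; an ASCII-armored certificate has to be dearmored first.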