Re: [openpgp] SHA-2 support should be mandatory – change defaults
dougb at dougbarton.us
Thu Aug 14 22:32:23 CEST 2014
On Aug 14, 2014, at 4:23 AM, David Shaw <dshaw at jabberwocky.com> wrote:
> On Aug 14, 2014, at 1:20 AM, Doug Barton <dougb at dougbarton.us> wrote:
>> On 08/12/2014 08:41 PM, David Shaw wrote:
>>> Maybe the answer is to remove the things to generate PGP 2 messages specifically, and leave the other stuff?
>> Yes please. :)
>> Not being able to encrypt/sign with PGP 2 at this point is totally reasonable. Not being able to decrypt/verify leads to toolchain complications down the road for people with such archives, and sends a dangerous message that we're not serious about backwards compatibility.
> I think the context has been lost in that sentence. The "other stuff" I was referring to was --pgp6, --pgp7, etc. The --pgpX options in general. There was never a question of removing the ability to decrypt PGP 2 messages. As you say, that would destroy the ability to decrypt old messages.
You are correct, I did not understand your context there. Thank you for clarifying.
More information about the Gnupg-users