On the advisability of stronger digests than SHA-1 in OpenPGP certifications [was: Re: riseup.net OpenPGP Best Practices article]

[Robert J. Hansen]

On 6/26/2014 5:57 PM, Daniel Kahn Gillmor wrote:
> PGP 8 was released over a decade ago, that's hardly a modern
> implementation:

And yet, it still conforms (largely) to RFC4880.  Methinks you're
objecting because it's a largely-conforming implementation that doesn't
have good support for SHA256.  ;)

> In what ways is its support for SHA-256 limited?  I'm having a hard
> time finding documentation for it.

If I recall correctly, it can understand SHA-256 but not generate
SHA-256.  SHA-256 generation support was added late in the 8.x series,
but earlier 8.x releases could understand it.

> How many people use it?

It's not as if there are Nielsen ratings for these things.  All I can do
is say that I still regularly encounter it when I talk to people about
PGP.  For instance, I know of one law firm that purchased a site license
for 8.x and refuses to upgrade, since the more recent editions cost a
fortune in per-seat licenses and have very little in the way of new
functionality.

> Why should anyone cater to users of PGP 8.x in 2014 when we have an 
> opportunity to provide a stronger cryptographic baseline for everyone
> else?

Because there are still people using it.

Remember, GnuPG also supports most of RFC1991 because we've got a large
base of PGP 2.6 users who are refusing to upgrade...