On the advisability of stronger digests than SHA-1 in OpenPGP certifications

Werner Koch wk at gnupg.org
Fri Jun 27 09:21:17 CEST 2014


On Thu, 26 Jun 2014 23:57, dkg at fifthhorseman.net said:

> Why should anyone cater to users of PGP 8.x in 2014 when we have an
> opportunity to provide a stronger cryptographic baseline for everyone else?

Probably for the same reason that some sites are using GnuPG 1.2, which
had its last regular release in 2004 (and an exceptional security
release in 2006).


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list