On the advisability of stronger digests than SHA-1 in OpenPGP certifications [was: Re: riseup.net OpenPGP Best Practices article]

vedaal at nym.hush.com vedaal at nym.hush.com
Fri Jun 27 16:52:22 CEST 2014

On 6/27/2014 at 9:59 AM, shmick at riseup.net wrote:

>is it really a case of obdurateness, "if it ain't broke don't fix 
>or an unwillingness to use and get accustomed to something new 
>different, perhaps a new gui - look, i completely sympathise with 
>latter especially for older people if i may generalise
>if you're a windows user you'll have to upgrade after 10 years if 
>want to keep safe or pay ($) for it; ok, now i sympathise with 
>not wanting a new gui with windows 8
>>> Why should anyone cater to users of PGP 8.x in 2014 when we have an
>>> opportunity to provide a stronger cryptographic baseline for
>>> else?
>> Because there are still people using it.


And it supports/promotes wider cryptography usage ...

We (the cryptography community in general, and the GnuPG community in particular) want to encourage more widespread cryptography use,

and to have newbies who finally take the step of using it then find problems in e-mailing other users of different programs because of incompatibilities ...
it could be discouraging enough to just stop using it before one has had a chance to appreciate what it can do, and come to love it.

Many thanks to WK and the GnuPG development team for taking the trouble to provide backward compatibility even as GnuPG grows better and more robust.

