On the advisability of stronger digests than SHA-1 in OpenPGP certifications

Johannes Zarl johannes at zarl.at
Sat Jun 28 00:31:52 CEST 2014

On Friday 27 June 2014 20:51:00 Werner Koch wrote:
> On Fri, 27 Jun 2014 19:46, peter at digitalbrains.com said:
> > I however have no clue what you expose yourself to when you still use PGP
> > 8.x. It could be possible that these guys take irresponsible risks, I
> > don't know.
> They will tell you that they send the encrypted messages only within
> their VPN and that the company policy requires end to end encryption.
> Check box security.

So basically there are (at least) two user groups:

1. legacy PGP implementations in closed corporate environments
2. people who want to exchange messages over the internet

Group 1 can afford not to have frequent security updates since the systems are 
isolated from the internet and don't upgrade because this would incur a 
significant cost with little benefit.

Group 2 is willing to keep their software up to date, but is in a generally
more "attackable" environment. They push for "more secure" standards and
defaults (whatever that means).

The way I see it, compatibility between those two groups is a non-issue - they
simply don't exchange messages.

Arguing that "internet-users" should not adopt SHA-x because SHA-1 is the only 
thing supported by legacy systems makes about as much sense as arguing that 
"legacy-users" should throw money into upgrading their isolated systems.


