On the advisability of stronger digests than SHA-1 in OpenPGP certifications

Robert J. Hansen rjh at sixdemonbag.org
Sat Jun 28 01:35:12 CEST 2014

On 6/27/2014 6:31 PM, Johannes Zarl wrote:
> 1. legacy PGP implementations in closed corporate environments

Be careful about that phrase "legacy."  Too often it's used as a slur.
It's more accurate to say, "PGP installations in corporate
environments."  There's no reason to think these installations are
closed, or that the IT departments are being unreasonable.

Just because they're not doing what you think they should doesn't mean
they're not playing with a full deck.

> Group 1 can afford not to have frequent security updates since the systems are 
> isolated from the internet and don't upgrade because this would incur a 
> significant cost with little benefit.

The "since" is probably inaccurate.  Group 1 can afford to keep using
PGP 8.x because it meets their needs.  They don't upgrade because it
doesn't make business sense to do so.

> The way I see it compatibility between those two groups is a non-issue - they 
> simply don't exchange messages.

You may not exchange emails with corporations; many other people do.

> Arguing that "internet-users" should not adopt SHA-x because SHA-1 is the only 
> thing supported by legacy systems makes about as much sense as arguing that 
> "legacy-users" should throw money into upgrading their isolated systems.

That's a subtle rephrasing of the position -- and an inaccurate one.

SHA-x should not be used *by default in places where it would break the
spec*.  But no one is saying that SHA-x should not be used, period, nor
is anyone saying that if after careful deliberation you decide that
breaking the spec is appropriate, that you shouldn't do so.
