On the advisability of stronger digests than SHA-1 in OpenPGP certifications [was: Re: riseup.net OpenPGP Best Practices article]

[MFPA]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Friday 27 June 2014 at 11:35:00 PM, in
<mid:A2F8DBA9-1DA7-47A6-BC79-CFAEA3B02BC3 at jabberwocky.com>, David Shaw
wrote:


> Incidentally, since subkeys have come up in this
> thread, I seem to recall a few strange bugs with 8.x
> (8.0? 8.1?) that make it difficult to use if the key
> you are encrypting to has a signing subkey.  8.x didn't
> always handle signing subkeys properly, so could end up
> failing to encrypt (it wasn't 100% of the time - it
> depended on which subkey was dated first).  If anyone
> is curious, I'll dig out my notes for this.  I
> submitted the bug to PGP, and I know it was fixed in a
> later version.


My recollection is that PGP 8.x would always try to encrypt to the
newest subkey, and encryption would fail if the newest was a signing
subkey. I had 8.0.3 and 8.1; if memory serves, both had this issue -
signing subkeys were fairly new at the time.




- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Never lean forward to push an invisible object.
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlOuiQVXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pkWMD/Rcv4i/MDuEQ5gujWhAjiKQimX9K0gZ8XaqZ
0zHcyHUDdUGkKHhaV9c4C3vkTkPKpZpTLhv6n5ADTHf4f1ggaZiwo48sI3aJ34O+
egbYC0AIyl8sw+aj/o54/bH6z+tsYH9pEH9dSl8Z/9NPi/vsjQpf/nK4bT+PAVnW
KbUR8+Vr
=Vmtp
-----END PGP SIGNATURE-----