Defaults
Damien Goutte-Gattat
dgouttegattat at incenp.org
Wed Mar 18 13:12:29 CET 2015
On 03/18/2015 01:34 AM, Robert J. Hansen wrote:
> I think this shouldn't be supported; CAST5 should only be used if (a) it's in the
> recipient's key prefs and (b) it's explicitly listed in
> default-cipher-prefs.
I don’t think that ignoring the recipient’s preferences should be the
default behavior. The recipient’s choices should be honored by default
*unless* you explicitly decide against it.
If you want to ignore a particular cipher, you could use the
--disable-cipher-algo option. Disable CAST5 and it will never be
selected by GnuPG even if it appears on the recipient’s list.
>> Do you mean signatures in general, or key signatures
>> (certifications)?
>
> The former, although I think setting cert-digest-algo SHA256 by default
> may be worth discussing.
Not anymore, it’s already done. :) I was wrong on that point, SHA-1 is
no longer used by default for certifications since GnuPG 2.1.0.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150318/edb4b57b/attachment.sig>
More information about the Gnupg-users
mailing list