Avoid recipient-compatibility SHA1

Stefan Claas spam.trap.mailing.lists at gmail.com
Tue Nov 17 16:47:18 CET 2020

On Mon, Nov 2, 2020 at 2:25 PM Phil Pennock via Gnupg-users
<gnupg-users at gnupg.org> wrote:
> On 2020-11-02 at 13:49 +0100, Werner Koch via Gnupg-users wrote:
> > On Fri, 30 Oct 2020 00:10, Phil Pennock said:
> > > recipient.  That's fine.  I'd rather create pressure for people to fix
> > > their systems to use modern cryptography than cater to their brokenness
> > > with sensitive messages.
> >
> > People won't update their keys - that just does not work.  Ignoring the
> > preferences is a better way here.
> First: thank you for the code changes!
> As to the people part: for a generic call to action, you're right.  But
> that's not the social dynamic in play here.
> For a specific set of people who know each other, trying to communicate
> securely, if someone says "hey your key is too broken to use, please fix
> it, here's a command to run (which you should check for yourself),
> please do so and send us your new public key" ... then that works.

I do have a question for you and Werner, if you don't mind.

When one checks Wikipedia for SHA1:


People may ask when seeing this [Quote]:

Since 2005, SHA-1 has not been considered secure against well-funded
opponents;[4] as of 2010 many organizations have recommended its
replacement.[5][6][7] NIST formally deprecated use of SHA-1 in 2011
and disallowed its use for digital signatures in 2013.

Was this therefore ever discussed on OpenPGP Mailing Lists, between
OpenPGP experts and Mr. Zimmermann and Werner?

Second question:

What does it really mean for the OpenPGP ecosystem if there would be a
SHA1 collision found in an email or detached signed document or file?
I ask, because when one checks a GnuPG
digitally signed message or file it usually says it comes from the key
(owner) blah and this key has a fingerprint of blah if one checks.


More information about the Gnupg-users mailing list