Avoid recipient-compatibility SHA1
spam.trap.mailing.lists at gmail.com
Wed Nov 18 14:11:53 CET 2020
Thank you for your reply, much appreciated! I will however ask also
Ernst here again the same question one more time again, as an
On Mon, Nov 2, 2020 at 3:25 PM Phil Pennock via Gnupg-users
<gnupg-users at gnupg.org> wrote:
> On 2020-11-02 at 13:49 +0100, Werner Koch via Gnupg-users wrote:
> > On Fri, 30 Oct 2020 00:10, Phil Pennock said:
> > > recipient. That's fine. I'd rather create pressure for people to fix
> > > their systems to use modern cryptography than cater to their brokenness
> > > with sensitive messages.
> > People won't update their keys - that just does not work. Ignoring the
> > preferences is a better way here.
> First: thank you for the code changes!
> As to the people part: for a generic call to action, you're right. But
> that's not the social dynamic in play here.
> For a specific set of people who know each other, trying to communicate
> securely, if someone says "hey your key is too broken to use, please fix
> it, here's a command to run (which you should check for yourself),
> please do so and send us your new public key" ... then that works.
> In the generic case, there's a hypothetical reward requiring work now.
> In the specific case, it's a case of "you're getting cut out of this
> ongoing conversation which presumably matters to you, do this now to get
> back in". If the conversation really does matter to that person, then
> they will fix their key. I have gotten people to fix various problems
> on exactly this basis.
> For everyone I am not talking to? Not my business, not my problem.
> I can only issue advice and shrug when people ignore it.
> Now I just need a sane way to figure out which key caused this. :)
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
More information about the Gnupg-users