Avoid recipient-compatibility SHA1

Stefan Claas spam.trap.mailing.lists at gmail.com
Wed Nov 18 14:11:53 CET 2020


Thank you for your reply, much appreciated! I will however ask also
Ernst here again the same question one more time again, as an
illustrative example.

Regards
Stefan

On Mon, Nov 2, 2020 at 3:25 PM Phil Pennock via Gnupg-users
<gnupg-users at gnupg.org> wrote:
>
> On 2020-11-02 at 13:49 +0100, Werner Koch via Gnupg-users wrote:
> > On Fri, 30 Oct 2020 00:10, Phil Pennock said:
> > > recipient.  That's fine.  I'd rather create pressure for people to fix
> > > their systems to use modern cryptography than cater to their brokenness
> > > with sensitive messages.
> >
> > People won't update their keys - that just does not work.  Ignoring the
> > preferences is a better way here.
>
> First: thank you for the code changes!
>
> As to the people part: for a generic call to action, you're right.  But
> that's not the social dynamic in play here.
>
> For a specific set of people who know each other, trying to communicate
> securely, if someone says "hey your key is too broken to use, please fix
> it, here's a command to run (which you should check for yourself),
> please do so and send us your new public key" ... then that works.
>
> In the generic case, there's a hypothetical reward requiring work now.
> In the specific case, it's a case of "you're getting cut out of this
> ongoing conversation which presumably matters to you, do this now to get
> back in".  If the conversation really does matter to that person, then
> they will fix their key.  I have gotten people to fix various problems
> on exactly this basis.
>
> For everyone I am not talking to?  Not my business, not my problem.
> I can only issue advice and shrug when people ignore it.
>
> Now I just need a sane way to figure out which key caused this.  :)
>
> Thanks,
> -Phil
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



More information about the Gnupg-users mailing list