scope of standard authority (was: Re: How to "activate" gpg.conf entries?)

Hauke Laging mailinglisten at hauke-laging.de
Wed Jul 11 17:09:06 CEST 2012


On Wed 11.07.2012, 16:54:27, Kristian Fiskerstrand wrote:

> Note that as per RFC4880 this will still not remove SHA1[0: 13.3.2.]
> or 3DES[0: 13.2.], as these are appended tacitly to be able to ensure
> a matching set between implementations.

Does it make sense that a standard overrides a user's decision to prefer 
security over compatibility (sure, you can still check afterwards what has 
happened, but that can be difficult, especially if gpg is not used directly but 
called by an MUA, for example)? As someone stated here recently, he would rather 
not make a signature at all than one which he considers unsafe.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
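
The tacit append described in the quoted note, as a simplified model added here for illustration (not code from this thread or from GnuPG). The selection rule in `negotiate` and all preference lists are assumptions constructed for the example; the `audit` flag is the after-the-fact check the message mentions.

```python
# Simplified model of RFC 4880 sections 13.2 and 13.3.2; not GnuPG source code.
# The MUST-implement algorithm is tacitly at the end of every preference list.
MUST_IMPLEMENT = {"cipher": "3DES", "digest": "SHA1"}


def effective_prefs(kind, listed):
    """Return the list as a conforming reader interprets it."""
    prefs = list(dict.fromkeys(listed))      # drop duplicates, keep order
    fallback = MUST_IMPLEMENT[kind]
    if fallback not in prefs:
        prefs.append(fallback)               # tacit entry, always last
    return prefs


def negotiate(kind, personal, recipient_prefs):
    """Assumed rule: first algorithm in the sender's personal order
    that every recipient key accepts."""
    accepted = [set(effective_prefs(kind, p)) for p in recipient_prefs]
    for algo in effective_prefs(kind, personal):
        if all(algo in a for a in accepted):
            return algo
    raise RuntimeError("unreachable: the tacit entry is in every list")


def audit(kind, personal, recipient_prefs):
    """Return (chosen, fell_back). fell_back is True when the result is the
    tacit algorithm that the user never listed explicitly."""
    chosen = negotiate(kind, personal, recipient_prefs)
    fell_back = chosen == MUST_IMPLEMENT[kind] and chosen not in personal
    return chosen, fell_back


if __name__ == "__main__":
    # Constructed sample data: the sender lists neither SHA1 nor 3DES.
    personal_digests = ["SHA512", "SHA256"]
    modern_key = ["SHA512", "SHA256", "SHA1"]
    old_key = ["RIPEMD160"]                  # shares nothing explicit

    print(audit("digest", personal_digests, [modern_key]))           # no fallback
    print(audit("digest", personal_digests, [modern_key, old_key]))  # fallback
    print(audit("cipher", ["AES256"], [["AES256"], ["CAST5"]]))      # fallback
```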