scope of standard authority
Hauke Laging
mailinglisten at hauke-laging.de
Wed Jul 11 18:18:22 CEST 2012
Am Mi 11.07.2012, 11:13:46 schrieb Robert J. Hansen:
> The entire point of a standard is to allow interoperation. That means
> there has to be some final fallback mode.
IMHO the second sentence effectively rewrites the first to:
"The entire point of a standard is to ENFORCE interoperation."
I don't see the benefit of forcing someone to something in a security context
if the direction is not to more but to less security. The two cases are:
a) I try to send an email or sign a file. This fails with the hint that I have
to correct my configuration. I then can decide whether to do that or not.
b) I believe to make signatures of type X or Y only. But in rare cases such a
"standard feature" (which maybe not more than a tiny share of the users know
about) makes me unawarely create one of type Z.
Who would choose (b) for himself and how big would the damage of getting there
via (a) be for those?
It seems to me that --digest-algo does have its use case and that the
documentation is wrong:
--digest-algo name
[...] --personal-digest-preferences is the safe way to accomplish the same
thing.
It's obviously not the same.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20120711/c38525ad/attachment.pgp>
More information about the Gnupg-users
mailing list