
List:       gnupg-users
Subject:    wishes for improved digest handling
From:       Hauke Laging <mailinglisten () hauke-laging ! de>
Date:       2013-06-19 0:41:54
Message-ID: 1983330.rl4GnvuRO4 () inno ! berlin ! laging ! de

Hello,

1) I just noticed that you can force the sender to make a SHA-1 signature 
(if he also encrypts the message) by clearing the digest preferences (or 
setting them to SHA-1 only). I am aware that this is done in compliance with the 
RFC. I just want to suggest that a warning is issued if a digest is used which 
is not listed in --personal-digest-preferences.

2) I would also like to suggest to allow the usage of --recipient with --sign 
(without --encrypt) because it makes sense. The digest compatibility checking 
is not related to the encryption so IMHO it doesn't make sense not to allow it 
without encryption. If recipients are given for a signing operation then the 
result should be that a digest is chosen which is explicitly compatible with 
all intended users of the signature. The code is already there. Even the case 
"--recipient without --encrypt" is detected. Thus this should be quite a small 
change to the code (replace the warning by calling the digest selection).

3) Last wish: I would like to have an option for explicitly forbidding the use 
of certain ciphers or digests. This affects only those which are defined in 
the standard as fallback (a mistake which should be avoided in the next 
OpenPGP version). I don't see any sense in optimizing a crypto application for 
compatibility instead of security.


Hauke
-- 
☺
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-courses.org/
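
The following is an added example, not part of the original message and not GnuPG's code: a simplified model of the digest selection the message discusses, showing how a recipient key with cleared digest preferences collapses the choice to SHA-1 and where the warning from wish 1 and the refusal from wish 3 would hook in. The function names, the ranking by the signer's own list and the sample preference lists are assumptions made for illustration; the implicit SHA-1 fallback is the RFC 4880 rule.

```python
# Simplified model of OpenPGP digest selection; not GnuPG's implementation.
IMPLICIT_DIGEST = "SHA1"  # RFC 4880: tacitly at the end of every preference list


def effective_prefs(key_prefs):
    """A key's digest preferences plus the implicit SHA-1 fallback."""
    prefs = list(key_prefs)
    if IMPLICIT_DIGEST not in prefs:
        prefs.append(IMPLICIT_DIGEST)
    return prefs


def select_digest(personal_prefs, recipient_prefs):
    """Pick a digest every recipient accepts, ranked by the signer's own list.

    Returns (digest, warning). warning is None unless the chosen digest is
    missing from personal_prefs, which is the case wish 1 wants flagged.
    Works the same whether or not the message is also encrypted (wish 2).
    """
    common = set(effective_prefs(personal_prefs))
    for prefs in recipient_prefs:
        common &= set(effective_prefs(prefs))
    # SHA-1 is in every effective list, so `common` is never empty.
    digest = next(d for d in effective_prefs(personal_prefs) if d in common)
    warning = None
    if digest not in personal_prefs:
        warning = ("WARNING: forced to use %s, which is not in "
                   "personal-digest-preferences" % digest)
    return digest, warning


def forbid(digest, forbidden):
    """Wish 3 (hypothetical policy hook): refuse instead of falling back."""
    if digest in forbidden:
        raise ValueError("digest %s is forbidden by policy" % digest)
    return digest


if __name__ == "__main__":
    signer = ["SHA512", "SHA256"]      # constructed sample preferences
    modern = ["SHA256", "SHA512"]      # constructed recipient key
    cleared = []                       # recipient key with digest prefs cleared
    print(select_digest(signer, [modern]))
    print(select_digest(signer, [modern, cleared]))
```
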
