* David Shaw wrote:
That said, the security considerations section of the draft currently
has some language mildly discouraging the use of MD5 ("The MD5 hash
algorithm has been found to have weaknesses (pseudo-collisions in the
compress function) that make some people deprecate its use. They
consider the SHA-1 algorithm better.") Can we make this stronger, and
deprecate MD5 use for OpenPGP in general?
Not necessary. All known attacks does not impose a direct risk to md5 based
OpenPGP issues.