On 1 March 2017 at 22:02, Robert J. Hansen <rjh(_at_)sixdemonbag(_dot_)org>
wrote:
1) Should we deprecate SHA1 in signatures? (Or did we already?)
This would break all existing signatures for no good reason. Instead a
new v5
key format MUST NOT be used with signatures "weaker" than SHA-256.
Deprecation is not the same as obsoleting. Deprecation doesn't break
existing signatures; it just says new signatures MUST NOT use SHA-1.
It sounds as if you're agreeing with the deprecation suggestion. Or am I
badly misunderstanding something?
Sorry if I wasn't clear before; I meant what Werner said.
-Thijs
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp