At 06:38 PM 5/19/98 -0400, dontspam-tzeruch(_at_)ceddec(_dot_)com wrote:
In short, if there are no headers, where it says
SHA-1 is used
that should be changed to (for 2.6.2 style compatibility)
MD5 is assumed
Do we really want to do this? Yes, it's a break with the past, but it's
also an opportunity to really deprecate MD5.
Opinions? I'm in a quandry.
Jon
-----
Jon Callas jon(_at_)pgp(_dot_)com
CTO, Total Network Security 3965 Freedom Circle
Network Associates, Inc. Santa Clara, CA 95054
(408) 346-5860
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)