Hal wrote:
A forged signature using a weak hash algorithm is no good. Ideally an
implementation will not implement weak public key or hash algorithms.
If it does, it should display to the end user the public key and hash
algorithms used in a signature, so that he can judge the strength of
the signature.
In the world we're aiming at, most individual users of OpenPGP
implementations will not be able to judge the strength even given
that information. They will rely on the designers of the package
to give them default systems that are strong enough for their needs,
whatever those may be. For this reason I strongly endorse Hal's
"Ideally" sentence -- if there are weak algorithms, someone will
use them for some purpose and get burned. That's why I was strongly
opposed to having ROT-N defined, even for testing-only purposes.
If something gets broken we should deprecate it in the strongest
terms as soon as possible, and developers should issue updates
that no longer support the broken algorithms for producing
new messages.
--
Jim Gillogly
2 Astron S.R. 1999, 19:40
12.19.6.0.17, 12 Caban 10 Cumku, Eighth Lord of Night