ietf-openpgp

Re: rfc2440bis-11 - 2 more comments

2004-10-26 13:26:21

On 23 Oct 2004, at 7:53 AM, Ian Grigg wrote:

   "... Thus, software that
   interoperates with those versions of PGP must only use old format
   packets. If interoperability is not an issue, THE NEW PACKET FORMAT
   IS PREFERRED."


Done.




#2 Medium Comment

13. Security Considerations
     ...
     * The MD5 hash algorithm has been found to have weaknesses
       (pseudo-collisions in the compress function) that make some
       people deprecate its use.  They consider the SHA-1 algorithm
       better.

I think it's fair to say that since the last draft, we've
moved on beyond that.  I'd suggest that MD5 should be deprecated,
and applications SHOULD use SHA1 and for compatibility MAY
accept MD5.  Or somesuch.


This is part of what I've glibly characterized as PGP 2 deprecation. No argument here.

Now, that's either easy to say or hard to say, depending on
whether one thinks that SHA1 is wobbly or safe.  But, on the
whole, I don't think it should stop us deprecating MD5 at this
point in time.  If that means that the document has a sort of
hole in it, then so be it, mark it and let's move on.

Before going on to deal with this - can we agree or discuss
whether we should deprecate MD5 at this point?  If we agree
to do so, then it's just a matter of scanning for MD5 and
doing the switcheroo.


MD5 needs to be fully deprecated.

        Jon
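
An added example, not part of the original message and not code from the draft or any OpenPGP implementation: it reads one signature packet header in either the old or the new packet format, extracts the hash algorithm ID, and classifies it under the wording suggested in the thread (use SHA1, accept MD5 for compatibility only). The function names, the POLICY table and the sample bytes are constructed for illustration.

```python
# Added example: not code from the draft or from any OpenPGP implementation.
HASH_NAMES = {1: "MD5", 2: "SHA1"}   # hash algorithm IDs from the OpenPGP spec
# Wording suggested in the thread, encoded here as an assumption:
POLICY = {2: "preferred", 1: "deprecated: accept for compatibility only"}

def parse_header(buf):
    """Return (format, tag, body_offset, body_length) for one packet header."""
    if len(buf) < 2 or not buf[0] & 0x80:
        raise ValueError("not an OpenPGP packet header")
    first = buf[0]
    if first & 0x40:                          # new format: tag in bits 5-0
        tag, o1 = first & 0x3F, buf[1]
        if o1 < 192:                          # one-octet length
            return "new", tag, 2, o1
        if o1 < 224 and len(buf) >= 3:        # two-octet length
            return "new", tag, 3, ((o1 - 192) << 8) + buf[2] + 192
        if o1 == 255 and len(buf) >= 6:       # five-octet length
            return "new", tag, 6, int.from_bytes(buf[2:6], "big")
        raise ValueError("partial or truncated length is not handled here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old format: tag in bits 5-2
    n = 1 << ltype                            # 1, 2 or 4 length octets
    if ltype == 3 or len(buf) < 1 + n:
        raise ValueError("indeterminate or truncated length is not handled here")
    return "old", tag, 1 + n, int.from_bytes(buf[1:1 + n], "big")

def signature_hash_policy(packet):
    """Return (header_format, hash_name, verdict) for a signature packet."""
    fmt, tag, off, length = parse_header(packet)
    body = packet[off:off + length]
    if tag != 2 or len(body) != length:
        raise ValueError("not a complete signature packet (tag 2)")
    # A v3 signature keeps the hash ID at body offset 16, a v4 one at offset 3.
    pos = {3: 16, 4: 3}.get(body[0] if body else None)
    if pos is None or pos >= len(body):
        raise ValueError("unsupported or truncated signature body")
    hash_id = body[pos]
    name = HASH_NAMES.get(hash_id, f"id {hash_id}")
    return fmt, name, POLICY.get(hash_id, "not covered by this policy")

# Constructed samples, cut off after the hash field; these are not real signatures.
OLD_V3_MD5 = bytes([0x88, 19, 3, 5, 0]) + bytes(12) + bytes([1, 1, 0, 0])
NEW_V4_SHA1 = bytes([0xC2, 6, 4, 0, 1, 2, 0, 0])

if __name__ == "__main__":
    for sample in (OLD_V3_MD5, NEW_V4_SHA1):
        print(signature_hash_policy(sample))
```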

