ietf-openpgp

Re: [Sam Hartman] Openpgp comments

2006-09-19 08:07:12

On Tue, Sep 19, 2006 at 03:33:30PM +0200, Werner Koch wrote:

> The more interesting question is what we are going to do about the
> SHA-1 requirement for a fingerprint and things like designated
> revokers - this is a more troublesome use of SHA-1. Oh, sorry, I was
> just thinking loudly.

This is exactly my point.  If we reopen the SHA-1 issue for the MDC,
what stops someone from wanting a change in fingerprints or the secret
key protection format, or the "hash of last resort" or any of the
other hardcoded uses of SHA-1 in the standard?

The request to remove SHA-1 from the MDC seems to be just a
misunderstanding.  It's worth an email to try and resolve the
misunderstanding before we get into design, much less code, changes.

A simple email to resolve a misunderstanding seems like the easiest
"fix" here.  If that doesn't work, or it turns out not to be a
misunderstanding, then we can go on and do the design changes, no harm
done.

David