On Thu, Mar 13, 2008 at 09:26:32PM +0100, Florian Weimer wrote:
* David Crick:
How much enthusiasm is there for this? Enough to generate
some consensus? Is there a business case for a redesign?
"doesn't use SHA1" sounds like a good V5 business case....
Yes, some of us do check-list based security, and not having to rely on
SHA-1 is helpful in this area.
And while we are at it, I would suggest to express V5 fingerprints (as well
as key IDs) either in octal or in decimal. This is not a cryptography issue
(*), but a usability issue on (typically mobile) devices with numeric-only
keypads. As an added benefit, it would make the keyID ~ telephone number
metaphor more sustainable.
For such a decision, OpenPGP could earn the ethernal gratitude of the entire
telecom industry.
--
Daniel
(*) But it certainly IS a security issue: usability is a crucial part of
security, because security measures that are not usable are not going to be
used.
signature.asc
Description: Digital signature