On 02/01/2009 08:24 PM, Peter Thomas wrote:
> After reading the whole RFC I've found several places where SHA1 is
> given as the only possible algorithm,

This was just discussed on the list last month in a thread titled "A
review of hash function brittleness in OpenPGP":
http://www.imc.org/ietf-openpgp/mail-archive/msg30323.html
It would be worth reviewing that thread because it contains relevant
discussion. In short: the fingerprints seem to be the most worrisome
part, and we probably need to think about how to move forward.
Proposals?
--dkg