On Mon, 2009-05-04 at 14:00 -0400, David Shaw wrote:
Concerns about compatibility, mainly. There is a much larger
installed base of clients that understand SHA-1 than that understand
(say) SHA-256. SHA-256 has only been understood in a non-development
version of GPG since 2004. If I recall properly, PGP added it more or
less around the same time. That's not that long ago, and I frequently
see people asking for support for some version of GPG or PGP that
predates SHA-256.
At least we've seen from the recent SHA1-related events,... that this
point is comming closer ;)
None of this means that we wouldn't change the default signing hash at
some point later. It's just not something we're currently planning on
for today.
Of course :)
Chris.
smime.p7s
Description: S/MIME cryptographic signature