Hi people--
I just made a fairly gpg-specific blog post suggesting concrete,
non-disruptive actions that people can take now to start building out
the post-SHA1 Web of Trust:
http://www.debian-administration.org/users/dkg/weblog/48
I realize this is a somewhat controversial topic, and i'm not trying to
start a flamewar. I do welcome questions, comments, and criticism,
though, and i'd be very happy to be able to link to similar HOWTOs for
other OpenPGP implementations if anyone else has written them.
The actual abandonment of SHA1 is still a ways off, and nothing in my
post suggests that we *should* abandon it now. My goal is to see the
Web of Trust be sufficiently robust well before SHA-1 is finally
deprecated, and this seems possible with current tools and protocols, if
we go about it reasonably and start early enough.
I really appreciate all the knowledge people have shared on this list
about the subject recently. I've learned a lot in the last few days,
and hope i haven't screwed anything up too badly.
Regards,
--dkg
signature.asc
Description: OpenPGP digital signature