Hi
Disclaimer: I'm not much familiar with the RFC process
I recently found that many mails encrypted by Enigmail/GnuPG are using
SHA-1 as hashing algorithm.
So I asked the Enigmail guys to use SHA-2 instead [1]. They said no
arguing not to change any GnuPG defaults.
The GnuPG guys don't want to set SHA-2 as default [2] since RFC4880 [3]
only states that SHA-1 must be implemented. Since SHA-2 support is not
mandatory they won't make it default.
There are several known attacks against SHA-1 reducing its effective
security (without breaking it). Since SHA-2 is widely deployed for about
10 years I think it is time to move on and make SHA-2 default.
I don't know whether any plans are around to specify a Revision 2 of the
OpenPGP standard but if they are, this should be part of it. Are there
any chances to change it?
And if there are such changes would it be possible to make these changes
too:
1. Add SHA-3 support
2. Make AES-256 the default (mandatory) symmetric-key algorithm instead
of TripleDES (which is quite weak anyway)
3. Replace DSA as default public-key algorithm (since it relies on good
random which is often not available/ensured) by RSA.
4. Algorithm Preferences / RSA: change minimum RSA key size to 2048
There was a related discussion on this some 5 years ago [4].
[1]
http://sourceforge.net/p/enigmail/forum/feature_requests/thread/e1810d6b/
[2]
https://bugs.g10code.com/gnupg/issue1679
[3]
https://tools.ietf.org/html/rfc4880#section-9.4
[4]
https://www.ietf.org/mail-archive/web/openpgp/current/msg00239.html
Regards
Christian Stadelmann
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp