On Tue, Aug 11, 2015 at 6:10 AM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
On Mon, 10 Aug 2015 22:50, phill(_at_)hallambaker(_dot_)com said:
Given that email recipients tend to end up having to implement all the
code
points in a cipher suite because they can't really control what is sent,
I
That is not the case with OpenPGP. If you encrypt and sign the key
gives you a list of hash algorithms supported by the recipient. Only
those may be used. In a signature only case there is no point in an using
extravagant hash algorithm because most recipients won't be able to
verify such a signature.
And what then happens if you use the same key on two different devices
running two different applications?
Advertising crypto capabilities is good. But it isn't a panacea. If people
are going to use end to end encrypted email as default, they have to be
able to read their mail on multiple devices.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp