ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] V5 Fingerprint again

2017-03-01 14:23:02
from [Werner Koch] [Permanent Link] 
On Wed,  1 Mar 2017 20:41, schnabbel(_at_)inurbanus(_dot_)nl said:


1) Should we deprecate SHA1 in signatures? (Or did we already?)


This would break all existing signatures for no good reason.  Instead a
new v5 key format MUST NOT be used with signatures "weaker" than
SHA-256.

It is up to an implementation to decide what to do with old keys and
signature material.  The question is related to the old question what to
do with an expired or revoked signature key: are all signatures are then
suddenly untrustworthy or is there enough external context which allows
to decide that the signed document is still intact?


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

Attachment: pgpZQff53ANbT.pgp
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] V5 Fingerprint again, Werner Koch
Next by Date:  Re: [openpgp] V5 Fingerprint again, Robert J. Hansen
Previous by Thread:  Re: [openpgp] V5 Fingerprint again, Thijs van Dijk
Next by Thread:  Re: [openpgp] V5 Fingerprint again, Robert J. Hansen
Indexes:  [Date] [Thread] [Top] [All Lists]