I think we can go slightly further here for deprecation in implementation
logic: if a primary key is self-signed with a stronger algorithm, a sha1
signature can be considered a security error. This avoids a downgrade scenario
and catches misconfigurations but should have little potential for false
positives.

The only scenario I can think of where this heuristic is off is when the
sender doesn't create their key themselves and isn't itself capable of stronger
hashes. Not sure if that ever happens?
- V
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
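
The heuristic from the message above written as a policy check, added here as an example; it is not code from the post or from any OpenPGP implementation. The function names, result labels and sample cases are assumptions, and the caller is assumed to have already verified the self-signatures it passes in.

```python
# Hash algorithm IDs as assigned in RFC 4880, section 9.4.
SHA1 = 2
SHA256, SHA384, SHA512, SHA224 = 8, 9, 10, 11
STRONGER_THAN_SHA1 = {SHA256, SHA384, SHA512, SHA224}


def classify_signature(sig_hash, self_sig_hashes):
    """Classify one signature issued by a key.

    sig_hash: hash algorithm ID used by the signature under verification.
    self_sig_hashes: hash algorithm IDs of the valid self-signatures on the
        signer's primary key (verification is the caller's job; assumption).
    Returns "ok", "security-error", "legacy" or "not-covered" (labels are
    hypothetical, chosen for this example).
    """
    if sig_hash in STRONGER_THAN_SHA1:
        return "ok"
    if sig_hash != SHA1:
        return "not-covered"  # the heuristic only speaks about SHA-1
    # The key's own self-signature is the evidence that the key holder's
    # tooling can do better than SHA-1, so SHA-1 here is a downgrade
    # or a misconfiguration.
    if any(h in STRONGER_THAN_SHA1 for h in self_sig_hashes):
        return "security-error"
    # No evidence of stronger capability: plain legacy SHA-1 usage.
    return "legacy"


# Constructed sample cases: (label, signature hash, self-signature hashes).
CASES = [
    ("modern key, modern signature", SHA256, [SHA512]),
    ("modern key, SHA-1 signature", SHA1, [SHA256]),
    ("old key, SHA-1 signature", SHA1, [SHA1]),
    ("re-certified key, SHA-1 signature", SHA1, [SHA1, SHA512]),
    # The false-positive scenario from the message: the key was created
    # elsewhere with SHA-256, but the sending software only does SHA-1.
    ("key made by third party, SHA-1-only sender", SHA1, [SHA256]),
]


def flagged(cases):
    """Return labels of the cases the heuristic treats as security errors."""
    return [label for label, sig, selfs in cases
            if classify_signature(sig, selfs) == "security-error"]


if __name__ == "__main__":
    for label, sig, selfs in CASES:
        print(f"{label}: {classify_signature(sig, selfs)}")
```

The last sample case is indistinguishable from a downgrade using only the inputs this check sees, which is why the message singles it out as the one place the heuristic can be off.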