On Mar 17, 2017, at 2:00 AM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
Hi,
Here is my suggestion on how to deprecate hash algorithms. The new text
is:
Implementations MUST implement SHA-256. Implementations MAY implement
other algorithms. Implementations MUST NOT create messages which
require the use of SHA-1 with the exception of computing version 4 key
fingerprints and for purposes of the MDC packet. Implementations MUST
NOT use MD5 or RIPE-MD/160.
My only comment is that if you're going to "deprecate" as opposed to "ban" then
the term needs to be SHOULD NOT rather than MUST NOT. MUST NOT is a ban, not
deprecation.
I prefer deprecation (SHOULD NOT) over banning (MUST NOT) because a ban leads
either to people being silly about a lack of backwards compatibility or they
just defiantly ignore the ban.
Jon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp