ietf-openpgp

Re: [openpgp] Summary of WG status

2017-08-15 08:13:45
I'm conflicted about this.

Yes, moving away from SHA1 is a good idea. We should do that asap. But I
really dislike that this comes with an increased fingerprint size to 256
bits.

Looking at the use case we are trying to cover here, and the actual
requirements the fingerprint has to fulfill, even the 160 bits we had
before were "super-duper-safe because who knows what might happen"
terrain. And we are going to bolt another 96 bits on top of that.
People are going to read sixty-four hexadecimal characters to one
another to verify their keys.

On the other hand, I can see how the choice of just using SHA2-256 is
attractive for its simplicity, especially in a context where consensus
is hard to find.

 - V

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp