Robert J. Hansen(rjh(_at_)sixdemonbag(_dot_)org)@Tue, Aug 15, 2017 at
01:10:31PM -0400:
Wouldn't anything else require truncation, and thus not give us the
extra safety we're looking for?
No. The bit size has nothing to do with why we want to replace SHA1.
We have a proposal on the table. Let's keep the WG discussion focused
on yes or no to the proposal. Let's not get sidetracked with other
discussions.
I would agree if this was some "other discussion". But we shouldn't
dismiss a discussion about precisely the proposal on the table. It's not
a very old proposal, and we shouldn't be comfortable going through with
a decision if we can't answer basic questions about why we went with a
particular approach.
From discussions so far I seem to be alone in my doubts that increasing
the bitsize of the fingerprint even further is a bad idea. Still, I'm
gonna submit a nay to the record here.
- V
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp