Jon Callas <joncallas=40icloud(_dot_)com(_at_)dmarc(_dot_)ietf(_dot_)org>
writes:
Here are a number of options possible.
Another thing to consider is how to deal with existing signed data. If
there's a file that's been sitting on a local disk for twenty years signed
with SHA-1 then the signature isn't going to be suddenly invalid just because
SHA-1 is wobbly. So some provision for recognising existing data as still
valid rather than "anything signed with SHA-1 is automatically suspect" would
be good.
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp