On May 4, 2009, at 1:40 PM, Christoph Anton Mitterer wrote:
On Sun, 2009-05-03 at 22:56 -0400, David Shaw wrote:
>> It's important to remember that this isn't a completely SHA-1 free
>> key, as that is not currently possible in the OpenPGP protocol, but
>> it is possible to make a "use as little SHA-1 as possible key".
> Is there anything else than the fingerprint for the revocation
> signatures and MDC?
I believe that's it. Fingerprints, revocation signatures (which use
fingerprints internally), and the MDC.
>> The end result will be a key that does not use SHA-1 either in its
>> internal construction or in signatures it makes elsewhere. Keep in
>> mind that there are some clients out there that simply cannot cope
>> with this key and will reject it with one failure message or another.
>> The most recent versions of either PGP or GPG can handle it just
>> fine.
> What would you suggest for existing RSA/DSA2 keys that always used
> SHA1 for their self-sigs and cert-sigs on other keys?
> Should those be recreated with the "better" hash algo?
While I would start (did start, actually, a few years ago) using
SHA-256 to certify other people's keys, I wouldn't bother re-issuing
older SHA-1 certifications.
Re-issuing your self-sigs is more or less harmless. The keyservers
never delete anything, so they'll end up with both the old and new.
Assuming all works properly, the newer clients should end up using the
newer selfsig, and the older clients should keep using the old one (as
they won't be able to verify the new one). If you're distributing
your key outside of the keyservers, then you can go further and strip
off the old SHA-1 selfsig. If you do this, you can end up breaking
compatibility with some non-zero percentage of the community. The
exact amount of breakage depends on your particular circle of
correspondents and how often they upgrade, etc.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
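The thread above talks about which hash a key's self-sigs and certifications use, and about re-issuing self-sigs with SHA-256. The script below is an added example, not code from the thread or from GnuPG: it audits a key's signature packets for their digest algorithm so you can see whether the old SHA-1 self-sig and a newer SHA-256 one both exist, as David describes. It assumes the `gpg --list-packets` text format (a `:signature packet:` header followed by indented `sigclass 0x..` and `digest algo N,` lines) and the OpenPGP hash IDs from RFC 4880; the key material in the sample is constructed for the example, not a real key. The gpg.conf lines and the `setpref` re-issue step in the comments are my suggested settings, not something the thread prescribes.

```shell
#!/bin/sh
# Added example: audit which hash algorithm the signatures on an OpenPGP
# key use, from `gpg --list-packets` output. Not part of the original
# thread; the packet-dump format and hash IDs below are assumptions.
#
# To make GnuPG stop issuing SHA-1 for new self-sigs and certifications,
# these gpg.conf lines are what I would set (assumed, not from the thread):
#   cert-digest-algo SHA256
#   personal-digest-preferences SHA256 SHA512 SHA1
#   default-preference-list SHA256 SHA512 SHA1 AES256 AES CAST5 ZLIB BZIP2 ZIP
# A fresh self-sig with the new hash is then produced by
#   gpg --edit-key KEYID   ->   setpref   ->   save
# The old SHA-1 self-sig is kept on the keyservers either way.

# Map an OpenPGP hash algorithm ID (RFC 4880 section 9.4) to its name.
hash_name() {
  case "$1" in
    1)  echo MD5 ;;
    2)  echo SHA1 ;;
    3)  echo RIPEMD160 ;;
    8)  echo SHA256 ;;
    9)  echo SHA384 ;;
    10) echo SHA512 ;;
    11) echo SHA224 ;;
    *)  echo "unknown($1)" ;;
  esac
}

# Read `gpg --list-packets` output on stdin; print one line per signature
# packet: "<sigclass> <hash name>" (0x13 = positive self-sig/certification,
# 0x10 = generic certification, 0x1f = direct key sig, 0x20 = revocation).
sig_digests() {
  awk '
    /^:signature packet:/ { inpkt = 1; cls = "?"; next }
    /^:/                  { inpkt = 0 }
    inpkt && /sigclass /  { cls = $0; sub(/.*sigclass /, "", cls); sub(/[, ].*/, "", cls) }
    inpkt && /digest algo / {
      a = $0; sub(/.*digest algo /, "", a); sub(/,.*/, "", a)
      print cls, a
    }
  ' | while read -r cls n; do
    echo "$cls $(hash_name "$n")"
  done
}

# Count the signature packets on stdin whose digest is hash $1 (e.g. SHA1).
count_sigs_with() {
  sig_digests | awk -v want="$1" '$2 == want { n++ } END { print n + 0 }'
}

# Constructed sample (not a real key): one user ID carrying an old SHA-1
# self-sig, a re-issued SHA-256 self-sig, and a SHA-1 certification from a
# third party. Key IDs and timestamps are made up.
SAMPLE_PACKETS=$(cat <<'EOF'
:public key packet:
        version 4, algo 1, created 1180000000, expires 0
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid 0123456789ABCDEF
        version 4, created 1180000000, md5len 0, sigclass 0x13
        digest algo 2, begin of digest 4a 6e
:signature packet: algo 1, keyid 0123456789ABCDEF
        version 4, created 1241487600, md5len 0, sigclass 0x13
        digest algo 8, begin of digest c0 11
:signature packet: algo 17, keyid FEDCBA9876543210
        version 4, created 1200000000, md5len 0, sigclass 0x10
        digest algo 2, begin of digest 7d 02
EOF
)

# Stand-alone demo on the constructed sample. On a real key, replace the
# printf with:  gpg --export KEYID | gpg --list-packets
printf '%s\n' "$SAMPLE_PACKETS" | sig_digests
printf 'SHA1 signatures: %s\n'   "$(printf '%s\n' "$SAMPLE_PACKETS" | count_sigs_with SHA1)"
printf 'SHA256 signatures: %s\n' "$(printf '%s\n' "$SAMPLE_PACKETS" | count_sigs_with SHA256)"
```

Run it against `gpg --export KEYID | gpg --list-packets` to see whether your key still carries only SHA-1 self-sigs; after the `setpref`/`save` step you should see a second 0x13 signature with SHA256 alongside the old SHA1 one, which is the "both old and new" state David says the keyservers will end up holding.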