Hi Robert.
On Thu, 2009-09-10 at 10:54 -0400, Robert J. Hansen wrote: > Nope, it's pretty pervasive in the system. I thought it (and SHA1 fingerprints) would only be used in designated revoker signatures, and MDC? > The people behind OpenPGP are working on a new OpenPGP proposal that > will use a stronger, better hash algorithm. Have workings on an 4880 successor already started? Perhaps some of you (David?) remember the discussion that took place here and on the WG list some time ago about things like: - how criticality and critical bit could be handled much stricter - potential problems that arise because conforming implementation are only recommended to ignore signatures of an older time (especially self-sigs). - some other places where OpenPGP could (and for security reasons perhaps should) be more strict and demanding to (conforming) implementations - Ideas for much broader use of attributes (different types of names, birth-dates, -places, sex, etc. etc.) So I wonder who's doing the (main) work for the writing this time? And is there perhaps a wiki or so, where one could collect such suggestions? Sincerely, Chris.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
