Hi Robert.


On Thu, 2009-09-10 at 10:54 -0400, Robert J. Hansen wrote: 
> Nope, it's pretty pervasive in the system.
I thought it (and SHA1 fingerprints) would only be used in designated
revoker signatures, and MDC?


> The people behind OpenPGP are working on a new OpenPGP proposal that
> will use a stronger, better hash algorithm.
Have workings on an 4880 successor already started?
Perhaps some of you (David?) remember the discussion that took place
here and on the WG list some time ago about things like:
- how criticality and critical bit could be handled much stricter
- potential problems that arise because conforming implementation are
only recommended to ignore signatures of an older time (especially
self-sigs).
- some other places where OpenPGP could (and for security reasons
perhaps should) be more strict and demanding to (conforming)
implementations
- Ideas for much broader use of attributes (different types of names,
birth-dates, -places, sex, etc. etc.)

So I wonder who's doing the (main) work for the writing this time? And
is there perhaps a wiki or so, where one could collect such suggestions?



Sincerely,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to