On 17 Nov 2010 at 11:46, Robert J. Hansen wrote: > It is deprecated in the minds of some people, but that's not the same as > it being deprecated. RFC3156 (which most people cite when talking about > inline PGP being deprecated) has been out of date for quite some time and > is not all that compatible with RFC4880. > > For instance, from RFC3156, "OpenPGP signed data": > > > "Currently defined values are 'pgp-md5', 'pgp-sha1', > 'pgp-ripemd160', 'pgp-md2', 'pgp-tiger192', and > 'pgp-haval-5-160'." > > > Strict RFC3156 conformance means the only two GnuPG hashes you can use are > SHA-1 and RIPEMD-160, neither of which has strong long-term prospects. > This, alone, should be enough for us to say RFC3156 should not be > considered normative of PGP usage. > > Speaking only for myself, I consider RFC4880 normative, and RFC3156 > obsolescent.
You are indeed not only speaking for yourself on this matter. /J _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
