On 7/11/2012 11:09 AM, Hauke Laging wrote: > Does it make sense that a standard overrides a user's decision to prefer > security over compatibility (sure, you can still check afterwards what has > happened but that can be difficult especially if gpg is not used directly but > called by a MUA e.g.)?
Yes. The entire point of a standard is to allow interoperation. That means there has to be some final fallback mode. SHA-1 is that fallback mode. With luck we'll see this get changed once the new hash standard is announced.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
