On 24.06.2014 09:36, Cpp wrote:
> I was going to create a new PGP key myself by following that
> article. Werner, do you have any more input or comments to add
> regarding that article? I am curious to hear input from multiple
> sources/people.

I consider myself quite the amateur (I haven't even read most of RFC 4880 yet), but I do take issue with one point in the riseup.net Best Practices page, namely the bit where it says "self-signatures must not use SHA1". I find that statement too strong.

AFAICS this will lead to keys which may not be understood by some perfectly standards-compliant OpenPGP implementations, since SHA-1 is the _only_ hashing algorithm that MUST be supported by all implementations of that standard. Everything else is up to the implementer. I do not know that there are any such implementations out there, but there seem to be a lot of people "rolling their own" who occasionally post to this very list. Possibly breaking OpenPGP compatibility does not seem like a Best Practice to me.

I raised this concern in a comment on the _original_ page at https://we.riseup.net/riseuplabs+paow/openpgp-best-practices but it didn't garner any interest.

I believe additional self-signatures can always be added to existing UIDs and subkeys later and I presume (someone correct me if I'm wrong, please) they can use other hashing algos. That might be a way to get "the best of both worlds": not breaking standards-compliant clients (which would hopefully just ignore the selfsigs they can't understand and focus on those they can) AND strong hashing.

Maybe other people can weigh in on this, notably those involved with that document. I would be especially interested to hear dkg's opinion.

Cheers
gabe

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
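
To see which hash algorithms the signatures on a key actually use, the following added example (not part of the original post) walks the RFC 4880 packet framing of a binary key export and reports the hash algorithm field of each signature packet. The function names and the `SAMPLE` bytes are constructed for illustration; the code does not check the issuer, so it lists all signatures rather than only self-signatures.

```python
# Added example: report the hash algorithm of each signature packet in a
# binary (non-armored) OpenPGP key, using the RFC 4880 packet layout.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}  # RFC 4880 sec. 9.4

def packets(data):
    """Yield (tag, body) per packet; partial/indeterminate lengths rejected."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length not handled")
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def signature_hashes(data):
    """Return [(sig_type, hash_name)] for every signature packet (tag 2)."""
    out = []
    for tag, body in packets(data):
        if tag != 2:
            continue
        if body[0] == 4:      # v4: version, sig type, pubkey algo, hash algo
            sig_type, hash_id = body[1], body[3]
        elif body[0] == 3:    # v3: version, 5, type, time(4), keyid(8), pk, hash
            sig_type, hash_id = body[2], body[16]
        else:
            raise ValueError("unsupported signature version")
        out.append((sig_type, HASH_NAMES.get(hash_id, f"unknown({hash_id})")))
    return out

# Constructed sample: a user ID packet, then two truncated v4 certification
# signatures (type 0x13, RSA), the first with SHA1 and the second with SHA512.
SAMPLE = (bytes([0xB4, 4]) + b"test"
          + bytes([0x88, 6, 4, 0x13, 1, 2, 0, 0])
          + bytes([0xC2, 6, 4, 0x13, 1, 10, 0, 0]))
```

On a real key, pass the bytes produced by `gpg --export KEYID` to `signature_hashes`; a user ID carrying both a SHA1 and a stronger self-signature shows up as two entries, as in the sample.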