On 03/18/2015 01:34 AM, Robert J. Hansen wrote:
I think this shouldn't be supported; CAST5 should only be used if (a) it's in the recipient's key prefs and (b) it's explicitly listed in default-cipher-prefs.
I don’t think that ignoring the recipient’s preferences should be the default behavior. The recipient’s choices should be honored by default *unless* you explicitly decide against it.
If you want to ignore a particular cipher, you could use the --disable-cipher-algo option. Disable CAST5 and it will never be selected by GnuPG even if it appears on the recipient’s list.
Do you mean signatures in general, or key signatures (certifications)?The former, although I think setting cert-digest-algo SHA256 by default may be worth discussing.
Not anymore, it’s already done. :) I was wrong on that point, SHA-1 is no longer used by default for certifications since GnuPG 2.1.0.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
