On 2 Dec 2013, at 12:00, mailmate-requ...@lists.freron.com wrote:
First, I'm certainly no security expert and I welcome any
comments/corrections to the following.
For OpenPGP the hash function is not set in stone, but you can set a
list of preferred hash functions, e.g., one of my keys has the following
list:
Digest: SHA256, SHA1, SHA384, SHA512, SHA224
Unfortunately (embarrassingly) MailMate ignores this setting. It simply
enforces the use of SHA1 to make sure that the "Content-Type" of a
message shows the correct hash function in the so-called `micalg`
parameter. I have it on my ToDo to improve this.
...
For S/MIME in MailMate, it's kind of worse, and it's partly because I'm
not 100% sure how it works for S/MIME certificates. MailMate doesn't
(and maybe cannot?) enforce a particular hash function, but MailMate
also doesn't try to find out which hash algorithm is used.
...
Benny
Hi Benny,
This does get REALLY confusing! I know a LOT about using S/MIME and
OpenPGP, but I would NEVER dare call myself an expert. Frankly, I think
the subject is so involved that I would highly question anyone who
claimed to be an expert.
I'm not a developer. I'm a network security engineer (recently retired).
I do have the statement "default-preference-list SHA512 SHA384 SHA256
SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed" in my
gpg.conf file, and I think that this is what you are mentioning. Here's
what I've found on the usage of "default-preference-list":
"Sets the list of default preferences to string. This preference list is
used for new keys and becomes the default for "setpref" in the edit
menu." There are still a lot of SHA1 keys out there (especially with
S/MIME) but most people/businesses are upgrading. I can now more or less
understand the purpose of your new parameter and I'm glad it's on your
to-do list.
The type of information you really need on S/MIME hash functions is very
difficult to locate (if it's even out there at all!). Most of us
technical people (myself included) don't always document as well as we
should!
--
Scott Blystone
Rochester, NY, US
CAcert Assurer (see http://www.cacert.org)
StartSSL Notary (see http://www.startssl.org)
Note: This address also works for instant messaging.
_______________________________________________
mailmate mailing list
mailmate@lists.freron.com
http://lists.freron.com/listinfo/mailmate
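The `micalg` problem Benny describes above (MailMate forcing SHA1 so that the Content-Type parameter is guaranteed to match the signature) can be checked from the message itself, because the hash algorithm is recorded inside the OpenPGP signature packet (RFC 4880 section 5.2) and RFC 3156 requires `micalg` to name the same algorithm. The Python below is an added example written for this page; it is not MailMate's code and nothing in the thread describes it. It builds a dummy, structurally valid v4 signature packet (constructed for the example; not a real signature, it verifies nothing), armors it, wraps it in a PGP/MIME multipart/signed message with a chosen `micalg`, then parses the message back and compares the declared `micalg` with the algorithm found in the packet. All function names, the addresses and the boundary string are mine.

```python
import base64
import re
from email import message_from_string, policy

# RFC 4880 hash algorithm IDs -> PGP/MIME micalg names (RFC 3156 style "pgp-<hash>")
MICALG_NAMES = {1: "pgp-md5", 2: "pgp-sha1", 3: "pgp-ripemd160", 8: "pgp-sha256",
                9: "pgp-sha384", 10: "pgp-sha512", 11: "pgp-sha224"}

def crc24(data: bytes) -> int:
    """ASCII-armor checksum, RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor_signature(packets: bytes) -> str:
    """Wrap raw packets in a PGP SIGNATURE armor block with its CRC-24 line."""
    body = base64.b64encode(packets).decode("ascii")
    check = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode("ascii")
    return f"-----BEGIN PGP SIGNATURE-----\n\n{body}\n={check}\n-----END PGP SIGNATURE-----\n"

_ARMOR_RE = re.compile(
    r"-----BEGIN PGP SIGNATURE-----\r?\n(?:[^\n]*:[^\n]*\r?\n)*\r?\n"
    r"(?P<body>[A-Za-z0-9+/=\r\n]+?)\r?\n=(?P<crc>[A-Za-z0-9+/]{4})\r?\n"
    r"-----END PGP SIGNATURE-----")

def dearmor_signature(text: str) -> bytes:
    """Extract raw packets from an armored signature, checking the CRC-24."""
    match = _ARMOR_RE.search(text)
    if not match:
        raise ValueError("no armored PGP signature found")
    packets = base64.b64decode(match.group("body"))   # b64decode skips the newlines
    if crc24(packets) != int.from_bytes(base64.b64decode(match.group("crc")), "big"):
        raise ValueError("armor CRC-24 mismatch")
    return packets

def packet_tag_and_body(packets: bytes):
    """Parse one packet header (RFC 4880 section 4.2); return (tag, body bytes)."""
    first = packets[0]
    if not first & 0x80:
        raise ValueError("invalid packet header")
    if first & 0x40:                            # new-format header
        tag, lb = first & 0x3F, packets[1]
        if lb < 192:
            length, offset = lb, 2
        elif lb < 224:
            length, offset = ((lb - 192) << 8) + packets[2] + 192, 3
        else:                                   # 5-octet and partial lengths: not needed here
            raise ValueError("unsupported new-format length")
    else:                                       # old-format header (what GnuPG emits for sigs)
        tag, length_type = (first >> 2) & 0x0F, first & 0x03
        if length_type == 3:
            raise ValueError("indeterminate length not supported")
        width = 1 << length_type
        length, offset = int.from_bytes(packets[1:1 + width], "big"), 1 + width
    return tag, packets[offset:offset + length]

def signature_hash_algorithm(packets: bytes) -> int:
    """Hash algorithm ID recorded in the first signature packet (tag 2)."""
    tag, body = packet_tag_and_body(packets)
    if tag != 2:
        raise ValueError(f"expected signature packet (tag 2), got tag {tag}")
    if body[0] >= 4:      # v4 and later: version, sig type, pubkey algo, hash algo, ...
        return body[3]
    if body[0] == 3:      # v3: version, 5, sig type, time(4), key id(8), pk algo, hash
        return body[16]
    raise ValueError(f"unsupported signature version {body[0]}")

def make_dummy_signature_packet(hash_algo: int) -> bytes:
    """Constructed v4 signature packet: structurally valid, not a real signature."""
    body = bytes([4, 0x00, 1, hash_algo])      # v4, binary-document sig, RSA, hash algo
    body += b"\x00\x00\x00\x00"                # hashed + unhashed subpacket lengths = 0
    body += b"\xab\xcd" + b"\x00\x08\xff"      # dummy hash prefix, dummy 8-bit MPI
    return bytes([0xC0 | 2, len(body)]) + body  # new-format header, tag 2, length 13

def build_signed_message(text: str, armored_sig: str, micalg: str) -> str:
    """Minimal RFC 3156 multipart/signed message (constructed sample)."""
    b = "=-example-boundary"
    return ("From: alice@example.org\nTo: bob@example.org\nMIME-Version: 1.0\n"
            f'Content-Type: multipart/signed; micalg="{micalg}";\n'
            f' protocol="application/pgp-signature"; boundary="{b}"\n\n'
            f"--{b}\nContent-Type: text/plain; charset=us-ascii\n\n{text}\n"
            f"--{b}\nContent-Type: application/pgp-signature\n\n{armored_sig}--{b}--\n")

def check_micalg(raw_message: str):
    """Return (declared micalg, micalg implied by the signature packet)."""
    msg = message_from_string(raw_message, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    declared = str(msg.get_param("micalg") or "").lower()
    sig_part = next(p for p in msg.iter_parts()
                    if p.get_content_type() == "application/pgp-signature")
    armored = sig_part.get_payload(decode=True).decode("ascii")
    algo_id = signature_hash_algorithm(dearmor_signature(armored))
    return declared, MICALG_NAMES.get(algo_id, f"unknown-{algo_id}")
```

Calling `check_micalg(build_signed_message("hello", armor_signature(make_dummy_signature_packet(8)), "pgp-sha1"))` returns `("pgp-sha1", "pgp-sha256")`, i.e. a header that says SHA1 on a signature that was actually made with SHA-256; passing `"pgp-sha256"` instead returns a matching pair. A client that ignores the key's digest preferences and still wants a correct `micalg` has to do the reverse of this check: read the hash algorithm back out of the signature gpg produced and write that into the Content-Type, rather than pinning the algorithm up front.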