On 08/10/13 22:19, Werner Koch wrote:
> On Tue, 8 Oct 2013 02:05, sanv...@unex.es said:
>> to get reasonable defaults. Is SHA-1 a reasonable default for key
>> signing?
> It is the default because SHA1 is a MUST algorithm for OpenPGP and
> fingerprints are anyway computed using SHA1. SHA256 is not supported
> by all OpenPGP implementations.
> BTW, what is your threat model?
Sorry but I'm not a cryptographer. Do you mean that as far as there is
not a known exploit, there is nothing to worry about?
There is a preference list for digests that I can set in my key and
publish on the keyservers, but apparently there is not a preference list
for the digest algorithm used in key signing (I naively thought the one
for digests was also valid for keysigning, I was wrong).
So, if I would like people to use stronger algorithms when signing my
key, what are my options? Tell everybody to modify their gpg.conf?
Or maybe the algorithm for signing is irrelevant and does not matter at all?