Package: signing-party
Version: 1.1-2

SHA-1 is significantly weakened, and we should be strongly encouraging new certifications to be something stronger (SHA-256 at least) [0]. Caff should do this automatically.

Currently, I have "cert-digest-algo SHA512" in ~/.gnupg/gpg.conf, but caff makes my certifications with SHA-1. I can fix this for current versions of caff with:

    echo 'cert-digest-algo SHA512' >> ~/.caff/gnupghome/gpg.conf

But caff should default to at least SHA256 for the certifications if we want it to contribute to building a post-SHA-1 Web of Trust. Maybe this should be made an explicit configuration variable (defaulting to SHA256) and added to the config file? Something like:

    # $CONFIG{'cert-digest-algo'} = 'SHA256';

would be a Good Thing.

Regards,

 --dkg

[0] http://www.debian-administration.org/users/dkg/weblog/48
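One way to check which digest the certifications on a key actually use, as an added example that is not part of the original report or of caff. It filters `gpg --list-packets` output; the function names and the sample packet listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `gpg --list-packets` output on stdin and prints
# "<keyid> <sigclass> <digest>" for every certification (signature classes
# 0x10-0x13) whose digest is MD5 or SHA-1.
# Real use: gpg --export KEYID | gpg --list-packets | weak_certs
weak_certs() {
    awk '
    BEGIN { weak[1] = "MD5"; weak[2] = "SHA1" }  # RFC 4880 hash algorithm IDs
    /^:signature packet:/ { keyid = $NF; class = ""; next }
    /^:/                  { keyid = ""; next }   # any other packet type
    keyid == ""           { next }               # not inside a signature
    /sigclass 0x/         { class = $NF }
    /digest algo/ {
        algo = $3; sub(/,$/, "", algo)
        if (class ~ /^0x1[0-3]$/ && (algo in weak))
            print keyid, class, weak[algo]
    }'
}

# Helper for the constructed sample. Args: keyid sigclass digest-algo-id
sample_sig() {
    printf ':signature packet: algo 1, keyid %s\n' "$1"
    printf '\tversion 4, created 1241000000, md5len 0, sigclass %s\n' "$2"
    printf '\tdigest algo %s, begin of digest 12 34\n' "$3"
}

# Constructed sample in the layout `gpg --list-packets` prints (not real keys).
sample_packets() {
    printf '%s\n' ':public key packet:' ':user ID packet: "Alice (constructed)"'
    sample_sig AAAAAAAAAAAAAAAA 0x13 8    # self-signature, SHA-256
    sample_sig BBBBBBBBBBBBBBBB 0x10 2    # third-party certification, SHA-1
    sample_sig CCCCCCCCCCCCCCCC 0x10 10   # third-party certification, SHA-512
    printf ':public sub key packet:\n'
    sample_sig AAAAAAAAAAAAAAAA 0x18 2    # subkey binding, SHA-1: not a certification
}

sample_packets | weak_certs   # prints: BBBBBBBBBBBBBBBB 0x10 SHA1
```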