On 12/9/2010 1:14 AM, Ben McGinnes wrote: > I am giving very serious thought to creating new keys and > doing a (long-term) transition to them. This is partly to respond to > known flaws with SHA-1 and take advantage of SHA-256 and higher.
My best counsel is: don't, at least not yet.
First, there are no imminent practical attacks on SHA-1. Second, the
OpenPGP Working Group ("the WG") is currently figuring out how to get
SHA-1 out of the OpenPGP spec and how to replace it with something better.
If you do a transition now, it's possible you'll want to transition
again in six months or a year once the WG updates the RFC.
I'd hold off on this, at least for now.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
