On 12/12/2010 6:37 PM, Daniel Kahn Gillmor wrote: > We can (and some of us do) use OpenPGP certificates and exchange > encrypted and signed material without relying on SHA-1 already.
Not so long as you're looking up key IDs by fragments of SHA-1 hashes, you're not. > Again, the entire reason i'm engaging in this thread is to encourage > people to move to stronger cryptographic algorithms *today*. That's not the point of this thread. In fact, as near as I can tell that's *never* been the point of this thread. The original poster wanted to create an entirely new certificate in order to migrate, and my advice to him was that if he wanted to create an entirely new certificate that he should wait until the next revision, otherwise he'd likely be doing another new certificate in a year or two. I have *never* claimed that we shouldn't move away from SHA-1. Heck, I was even the one who told the original poster to use enable-dsa2 in order to get access to the stronger hash algorithms. I maintain my original point: if you're thinking of creating an entirely new certificate just in order to get access to better hash algorithms, then you are best off waiting for the new revision: otherwise, use the existing technologies.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
