On Wed, 8 Jan 2020 21:37, Andrew Gallagher said: > Have you tried changing the subkey expiry? Or does that reuse the same hash?
That is what I would also suggest. The expire sub-command is useful for all such things. It should always use the current default digest algorithms. Regarding the SHA-1 collisions: GnuPG 2.2 still considers SHA-1 based self-signatures (either on a user-id or a subkey) has valid. If we would disallow that all dsa1024 keys would be rendered useless. dsa1024 requires SHA-1. Compared to the trouble we already had with removing PGP-2 keys, removing dsa1024 would be a much loader outcry. Nevertheless, moving away from dsa1024 is important. We just can't force users to do that. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
