On Wed, Sep 6, 2017 at 5:57 PM, Daniel Kahn Gillmor <[email protected]> wrote: > On Wed 2017-09-06 13:12:11 +0200, Nikos Mavrogiannopoulos wrote: >> The options seem to be: >> * deprecate the API and force applications specify explicitly a hash >> for signing >> * Update/break the ABI for 3.6 and make the underlying algorithm used >> to be undefined (i.e., a secure but unspecified one). > > fwiw, i prefer the second option. It's always good to have a "do what > you currently think is best" simple API. > > This also resolves the request for a "@SYSTEM" mechanism for _sign2(), > since the way to do that would just be to use _sign(). I don't even > think this is a large enough API/behavioral change to _sign() to warrant > an SONAME bump, personally, esp. since SHA1 is deprecated for this > purpose.
A merge request incorporating these: https://gitlab.com/gnutls/gnutls/merge_requests/504/ _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
