Re: SHA1 depreciation ??

2017-06-29 Thread Robert J. Hansen
> As for the current version v4, SHA1 is used to compute the fingerprint. > Are there other mandatory places? Yes. Search the RFC for the term "SHA-1" and you'll find them. It's hardwired into several of the packet formats, for instance. > Do you know any time frame and significant changes of v

Re: SHA1 depreciation ??

2017-06-29 Thread Lou Wynn
On 06/29/2017 02:31 PM, Robert J. Hansen wrote: >> SHA1 got broken some months ago, but I see no useful move to get rid >> of using it for even new stuff. > (a) Not for OpenPGP's uses. For our uses it's still safe, although we > recommend moving to other, better, hashes as soon as possible. > > (b

Re: Technical contact for mailing list?

2017-06-29 Thread Ingo Klöcker
On Thursday 29 June 2017 00:50:49 Pete Stephenson wrote: > Hi all, > > Who is the appropriate person to contact regarding technical issues > with the mailing list? I'd start with the people who run this list. See https://lists.gnupg.org/mailman/listinfo/gnupg-users They can be reached at gnupg-u

Re: SHA1 depreciation ??

2017-06-29 Thread Robert J. Hansen
> SHA1 got broken some months ago, but I see no useful move to get rid > of using it for even new stuff. (a) Not for OpenPGP's uses. For our uses it's still safe, although we recommend moving to other, better, hashes as soon as possible. (b) It's pretty easy to avoid using SHA-1. There are stil

SHA1 depreciation ??

2017-06-29 Thread Joshua Hudson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 SHA1 got broken some months ago, but I see no useful move to get rid of using it for even new stuff. I found some email chains awhile back showing the web of trust collapsing if SHA1 were not used. I found ubuntu trying to go at removing it alone

Re: Technical contact for mailing list?

2017-06-29 Thread Kristian Fiskerstrand
On 06/29/2017 12:50 AM, Pete Stephenson wrote: > Hi all, Hi, > > Who is the appropriate person to contact regarding technical issues with > the mailing list? > > Specifically, it appears that the list doesn't play nice with anti-spam > measures like DMARC, SPF, and DKIM and so messages sent fro

Re: Managing the WoT with GPG

2017-06-29 Thread Wouter Verhelst
On Tue, Jun 20, 2017 at 03:34:44PM +0200, martin f krafft wrote: > 2. I've also tried running --update-trustdb, but it seems that this >process is *endless*. I have no idea how many keys remain, and >I also got the impression that I keep seeing keys I already >processed. How do you appr

[Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526

2017-06-29 Thread Werner Koch
Hi! The GnuPG Project is pleased to announce the availability of Libgcrypt version 1.7.8. This release fixes a local side-channel attack. Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation