> > > Besides the currently obsolete things, new things need to be built with
> > > the mindset that all crypto _will_ become obsolete over time, and avoid
> > > putting it into new places where it only gets in our way eventually.
> >
> >
> > I suggest avoiding algorithm agility as much as
> > Besides the currently obsolete things, new things need to be built with the
> > mindset that all crypto _will_ become obsolete over time, and avoid putting
> > it into new places where it only gets in our way eventually.
>
> I suggest avoiding algorithm agility as much as possible. It is
> > Yes, this is a known - or not so well known - limitation. As the signature
> > check is basically done by hand it lack a lot of feature one would expect
> > of GPG proper.
>
> Can we (as an option) use a third-party library, such as [rpgp](/rpgp/rpgp)?
Rust is not acceptable due to its
Much of the complexity in PKCS#7, PKCS#12, and OpenPGP comes from being too
flexible.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: