On Sun, 2009-05-03 at 22:56 -0400, David Shaw wrote: > It's important to remember that this isn't a completely SHA-1 free > key, as that is not currently possible in the OpenPGP protocol, but it > is possible to make a "use as little SHA-1 as possible key". Is there anything else than the fingerprint for the revocation signatures and MDC?
> The end result will be a key that does not use SHA-1 either in its > internal construction or in signatures it makes elsewhere. Keep in > mind that there are some clients out there that simply cannot cope > with this key and will reject it with one failure message or another. > The most recent versions of either PGP or GPG can handle it just fine. What would you suggest for existing RSA/DSA2 keys that always used SHA1 for their self-sigs and cert-sigs on other keys? Should those be recreated with the "better" hash algo? Regards, Chris.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users