[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: how close is OpenPGP tied to SHA1



On 02/01/2009 08:24 PM, Peter Thomas wrote:
> After reading the whole RFC I've found several places where SHA1 is
> given as the only possible algorithm,

This was just discussed on the list last month in a thread titled "A
review of hash function brittleness in OpenPGP":

  http://www.imc.org/ietf-openpgp/mail-archive/msg30323.html

It would be worth reviewing that thread because it contains relevant
discussion.  In short: the fingerprints seem to be the most worrisome
part, and we probably need to think about how to move forward.

Proposals?

	--dkg

Attachment: signature.asc
Description: OpenPGP digital signature