Re: [openpgp] Deprecating SHA1
Jonathan McDowell <noodles@earth.li> Sat, 24 October 2020 08:57 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/quycqQ9qr8QPVM1lh4so4H8EDc0>
On Fri, Oct 23, 2020 at 03:23:17PM -0400, Phil Pennock wrote:
> The TLDR for folks using the widespread GnuPG software is that GnuPG
> defaults to protecting you against a new self-sig, but expert-mode makes
> it easy:
>
>   gpg --expert --cert-digest-algo SHA256 --sign-key $YourKeyId

I'm one of the people with a SHA1 self signature. I've been aware of it
for some time, and it's been on my todo list to sort out, but when I
last tried GPG did not make it possible. What version of GPG is
necessary for the above to work? The somewhat aged versions on the
airgapped machine my master key lives on do not seem to want to update
the type of the self sig with that command.

J.

-- 
Chaos, panic, & disorder - my work here is done.
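Added example, not part of the original message: a check for whether a key still carries a SHA-1 self-signature, for use before and after running the command quoted above. It parses `gpg --list-packets` output; the function names, key IDs and the sample packet dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: report SHA-1 certification signatures in `gpg --list-packets` output.
# RFC 4880 hash IDs: 2 = SHA-1, 8 = SHA-256. Signature classes 0x10-0x13 certify a user ID.
# Real use (public key export):
#   gpg --export "$YourKeyId" | gpg --list-packets | sha1_cert_sigs

sha1_cert_sigs() {
    awk '
        /^:public key packet:/   { want_primary = 1; next }
        /^:signature packet:/    { issuer = $NF; class = ""; next }
        want_primary && /keyid:/ { primary = $NF; want_primary = 0; next }
        /sigclass 0x/            { class = $0; sub(/.*sigclass /, "", class); next }
        /digest algo/ {
            algo = $3; sub(/,/, "", algo)
            if (algo + 0 == 2 && class ~ /^0x1[0-3]$/) {
                # Force string comparison so all-digit key IDs are not compared as numbers.
                who = ((issuer "") == (primary "")) ? "self" : "third-party"
                print who, class, issuer
            }
            class = ""
        }
    '
}

# Constructed sample dump (not from a real key): one SHA-1 self-sig, one SHA-256
# self-sig, one SHA-1 third-party certification, one SHA-1 subkey binding (0x18, ignored).
sample_packets() {
cat <<'EOF'
:public key packet:
    version 4, algo 1, created 1262304000, expires 0
    keyid: AAAA111122223333
:user ID packet: "Constructed User <user@example.org>"
:signature packet: algo 1, keyid AAAA111122223333
    version 4, created 1262304000, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 12 34
:signature packet: algo 1, keyid AAAA111122223333
    version 4, created 1603529845, md5len 0, sigclass 0x13
    digest algo 8, begin of digest ab cd
:signature packet: algo 1, keyid BBBB444455556666
    version 4, created 1300000000, md5len 0, sigclass 0x10
    digest algo 2, begin of digest 56 78
:public sub key packet:
    version 4, algo 1, created 1262304000, expires 0
    keyid: CCCC777788889999
:signature packet: algo 1, keyid AAAA111122223333
    version 4, created 1262304000, md5len 0, sigclass 0x18
    digest algo 2, begin of digest 9a bc
EOF
}

sample_packets | sha1_cert_sigs
```

Each output line is `self` or `third-party`, the signature class, and the issuer key ID; any `self` line means at least one self-signature in the export uses SHA-1.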