
Please add --disable-digest-algo option
Closed, Resolved | Public

Description

GnuPG has --disable-cipher-algo and --disable-pubkey-algo but no
--disable-digest-algo. Please add it.

Details

Due Date: Feb 1 2010, 1:00 AM
Version: 1.4.9

Event Timeline

lmamane set Version to 1.4.9.
lmamane added a subscriber: lmamane.

See the recent threads on gnupg-devel for a discussion on this topic.

On Thu, May 28, 2009 at 03:03:07PM -0000, Werner Koch via BTS wrote:

> See the recent threads on gnupg-devel for a discussion on this
> topic.

I see. I was just asking for "--disable-digest-algo" by symmetry with
cipher and pubkey algo. I think some of the points made against
--disable-digest-algo in favour of e.g. --no-trust-digest-algo,
etc. actually also apply to pubkey and ciphers; also for these, you'd
like to read "old data" that use them, with an appropriate warning,
but forbid creating new data that uses them.

So, if you introduce --no-trust-digest-algo (or another variant from
the discussion), please also consider --no-trust-cipher-algo and
--no-trust-pubkey-algo, which would:

  • display a warning when decrypting data encrypted with it (for cipher and pubkey)
  • return "weak signature"/"bad signature"/... when verifying signed data that uses them (pubkey, digest)
  • refuse to sign data with it (pubkey, digest)
  • refuse to encrypt data with it (cipher, pubkey)

werner set Due Date to Feb 1 2010, 1:00 AM.
werner claimed this task.
werner added a project: Won't Fix.
werner removed a project: Stalled.