Page MenuHome GnuPG
Create Task
Maniphest T1062

Please add --disable-digest-algo option
Closed, ResolvedPublic
Actions

Description

GnuPG has --disable-cipher-algo and --disable-pubkey-algo but no
--disable-digest-algo. Please add it.

Details

Due Date
Feb 1 2010, 1:00 AM
Version
1.4.9

Event Timeline

lmamane added projects: Feature Request, gnupg.May 22 2009, 11:16 PM
lmamane set Version to 1.4.9.
lmamane added a subscriber: lmamane.
werner added a subscriber: werner.May 28 2009, 5:03 PM

See the recent threads on gnupg-devel for a discussion on this topic.

dshaw added a subscriber: dshaw.May 28 2009, 5:37 PM
lmamane added a comment.May 28 2009, 7:45 PM

On Thu, May 28, 2009 at 03:03:07PM -0000, Werner Koch via BTS wrote:

See the recent threads on gnupg-devel for a discussion on this
topic.

I see. I was just asking for "--disable-digest-algo" by symmetry with
cipher and pubkey algo. I think some of the points made against
--disable-digest-algo in the favour of e.g. --no-trust-digest-algo,
etc actually also apply to pubkey and ciphers; also for these, you'd
like to read "old data" that use them, with an appropriate warning,
but forbid creating new data that uses them.

So, if you introduce --no-trust-digest-algo (or another variant from
the discussion), please also consider --no-trust-cipher-algo and
--no-trust-pubkey-algo, which would:

  • display a warning when decrypting data encrypted with it (for cipher and pubkey)
  • return "weak signature"/"bad signature"/... when verifying signed data that uses them (pubkey, digest)
  • refuse to sign data with it (pubkey, digest)
  • refuse to encrypt data with it (cipher, pubkey)
werner added a project: Stalled.Sep 3 2009, 7:31 PM
werner set Due Date to Feb 1 2010, 1:00 AM.
werner closed this task as Resolved.Apr 22 2013, 9:58 AM
werner claimed this task.
werner added a project: Won't Fix.
werner removed a project: Stalled.