On Mon, 2009-05-04 at 14:00 -0400, David Shaw wrote: > Concerns about compatibility, mainly. There is a much larger > installed base of clients that understand SHA-1 than that understand > (say) SHA-256. SHA-256 has only been understood in a non-development > version of GPG since 2004. If I recall properly, PGP added it more or > less around the same time. That's not that long ago, and I frequently > see people asking for support for some version of GPG or PGP that > predates SHA-256. At least we've seen from the recent SHA1-related events,... that this point is comming closer ;) > None of this means that we wouldn't change the default signing hash at > some point later. It's just not something we're currently planning on > for today. Of course :) Chris.
Description: S/MIME cryptographic signature