On Thu, Mar 13, 2008 at 09:26:32PM +0100, Florian Weimer wrote:
> * David Crick:
>
> >> How much enthusiasm is there for this? Enough to generate
> >> some consensus? Is there a business case for a redesign?
> >
> > "doesn't use SHA1" sounds like a good V5 business case....
>
> Yes, some of us do check-list based security, and not having to rely on
> SHA-1 is helpful in this area.

And while we are at it, I would suggest to express V5 fingerprints (as well as key IDs) either in octal or in decimal. This is not a cryptography issue (*), but a usability issue on (typically mobile) devices with numeric-only keypads. As an added benefit, it would make the keyID ~ telephone number metaphor more sustainable.

For such a decision, OpenPGP could earn the eternal gratitude of the entire telecom industry.

--
Daniel

(*) But it certainly IS a security issue: usability is a crucial part of security, because security measures that are not usable are not going to be used.