Re: system-wide crypto policies

To: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: system-wide crypto policies
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 27 Jun 2013 21:44:19 +0200
Message-id: <[🔎] 87bo6rnxt8.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 51CC3709.7000105@pocock.com.au> (Daniel Pocock's message of "Thu, 27 Jun 2013 14:58:49 +0200")
References: <[🔎] 51CC3709.7000105@pocock.com.au>

* Daniel Pocock:

> However, are such issues at the discretion of package maintainers and
> upstream, or is it useful to have a uniform Debian approach to
> cryptographic strength?

Keep in mind that RFC 4880 (OpenPGP) hard-codes SHA-1 in several
places, notably for key fingerprints.  If there's a uniform strength
requirement, we need some weasel words that GnuPG remains compliant.

It's also unclear if SHA-256 or SHA-512 is stronger, and if either
really is that much better than SHA-1.

Reply to:

Follow-Ups:
- Re: system-wide crypto policies
  - From: Daniel Pocock <daniel@pocock.com.au>

References:
- system-wide crypto policies
  - From: Daniel Pocock <daniel@pocock.com.au>

Prev by Date: Re: Reporting 1.2K crashes
Next by Date: Re: system-wide crypto policies
Previous by thread: system-wide crypto policies
Next by thread: Re: system-wide crypto policies
Index(es):
- Date
- Thread