6 May 2009 07:50
building up the post-SHA1 Web of Trust
Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
2009-05-06 05:50:32 GMT
Hi people--

I just made a fairly gpg-specific blog post suggesting concrete, non-disruptive actions that people can take now to start building out the post-SHA1 Web of Trust:

http://www.debian-administration.org/users/dkg/weblog/48

I realize this is a somewhat controversial topic, and i'm not trying to start a flamewar. I do welcome questions, comments, and criticism, though, and i'd be very happy to be able to link to similar HOWTOs for other OpenPGP implementations if anyone else has written them.

The actual abandonment of SHA1 is still a ways off, and nothing in my post suggests that we *should* abandon it now. My goal is to see the Web of Trust be sufficiently robust well before SHA-1 is finally deprecated, and this seems possible with current tools and protocols, if we go about it reasonably and start early enough.

I really appreciate all the knowledge people have shared on this list about the subject recently. I've learned a lot in the last few days, and hope i haven't screwed anything up too badly.

Regards,

--dkg