[MlMt] Hash Function Parameter? What Am I Missing Here?
Scott Blystone
scott at blystone.net
Mon Dec 2 14:31:18 EST 2013
On 2 Dec 2013, at 12:00, mailmate-request at lists.freron.com wrote:
>
> First, I'm certainly no security expert and I welcome any
> comments/corrections to the following.
>
> For OpenPGP the hash function is not set in stone, but you can set a
> list of preferred hash functions, e.g., one of my keys has the
> following list:
>
> Digest: SHA256, SHA1, SHA384, SHA512, SHA224
>
> Unfortunately (embarrassingly) MailMate ignores this setting. It
> simply enforces the use of SHA1 to make sure that the "Content-Type"
> of a message shows the correct hash function in the so-called `micalg`
> parameter. I have it on my ToDo to improve this.
...
> For S/MIME in MailMate, it's kind of worse, and it's partly because
> I'm not 100% sure how it works for S/MIME certificates. MailMate
> doesn't (and maybe cannot?) enforce a particular hash function, but
> MailMate also doesn't try to find out which hash algorithm is used.
...
> Benny
Hi Benny,
This does get REALLY confusing! I know a LOT about using S/MIME and
OpenPGP, but I would NEVER dare call myself an expert. Frankly, I think
the subject is so involved that I would highly question anyone who
claimed to be an expert.
I'm not a developer. I'm a network security engineer (recently retired).
I do have the statement "default-preference-list SHA512 SHA384 SHA256
SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed" in my
gpg.conf file, and I think that this is what you are mentioning. Here's
what I've found on the usage of "default-preference-list":
"Sets the list of default preferences to string. This preference list is
used for new keys and becomes the default for "setpref" in the edit
menu." There are still a lot of SHA1 keys out there (especially with
S/MIME) but most people/businesses are upgrading. I can now more or less
understand the purpose of your new parameter and I'm glad it's on your
to-do list.
The type of information you really need on S/MIME hash functions is very
difficult to locate (if it's even out there at all!). Most of us
technical people (myself included) don't always document as well as we
should!
--
Scott Blystone
Rochester, NY, US
CAcert Assurer (see http://www.cacert.org)
StartSSL Notary (see http://www.startssl.org)
Note: This address also works for instant messaging.
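The `micalg` parameter Benny describes above is the one place a recipient can see which hash a PGP/MIME or S/MIME signer declared without opening the signature itself. The following is an added example, not part of this thread and not MailMate's or GnuPG's code: it parses the `micalg` value from a multipart/signed Content-Type header (both the `pgp-sha256` form of RFC 3156 and the `sha-256` form of RFC 5751), maps it to the RFC 4880 hash algorithm identifier, and compares it with a gpg.conf-style `default-preference-list` such as the ones quoted in the thread. The sample messages are constructed, the `WEAK_HASHES` policy and the token classification in `parse_preference_list` are assumptions made for this example, and the function names are mine.

```python
"""Audit the `micalg` hash declared by a multipart/signed message.

Added example for this thread; it is not MailMate's or GnuPG's code. It reads
the `micalg` parameter that PGP/MIME (RFC 3156) and S/MIME (RFC 5751) carry in
the Content-Type header, maps it to a hash name, and compares that hash with a
gpg.conf-style preference list like the ones quoted in the thread.
"""
from email import message_from_string  # stdlib MIME header parsing

# OpenPGP hash algorithm identifiers, RFC 4880 section 9.4.
OPENPGP_HASH_IDS = {
    "MD5": 1, "SHA1": 2, "RIPEMD160": 3,
    "SHA256": 8, "SHA384": 9, "SHA512": 10, "SHA224": 11,
}

# Compression tokens gpg accepts in a preference list.
COMPRESSION = {"ZLIB", "BZIP2", "ZIP", "UNCOMPRESSED"}

# Assumed policy for this example: digests worth flagging on new signatures.
WEAK_HASHES = {"MD5", "SHA1", "RIPEMD160"}


def normalize_micalg(value):
    """Map a micalg token to a canonical name: 'pgp-sha256' and 'sha-256' both give 'SHA256'."""
    token = value.strip().lower()
    if token.startswith("pgp-"):           # RFC 3156 (PGP/MIME) form
        token = token[len("pgp-"):]
    return token.replace("-", "").upper()  # RFC 5751 (S/MIME) form uses 'sha-256'


def parse_signed_content_type(raw_message):
    """Return (protocol, hash name) from a message's multipart/signed Content-Type."""
    msg = message_from_string(raw_message)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message: %s" % msg.get_content_type())
    protocol = msg.get_param("protocol")
    micalg = msg.get_param("micalg")
    if protocol is None or micalg is None:
        # RFC 1847 makes both parameters mandatory for multipart/signed.
        raise ValueError("multipart/signed needs both protocol and micalg parameters")
    return protocol, normalize_micalg(micalg)


def parse_preference_list(pref):
    """Split a default-preference-list (or a key's 'Digest:' line) into digest, cipher and compression names.

    Classifying tokens by lookup table is an assumption of this example, not gpg's own parser.
    """
    groups = {"digest": [], "cipher": [], "compression": []}
    for raw in pref.replace(",", " ").split():
        tok = raw.upper()
        if tok in OPENPGP_HASH_IDS:
            groups["digest"].append(tok)
        elif tok in COMPRESSION:
            groups["compression"].append(tok)
        else:
            groups["cipher"].append(tok)  # anything else is treated as a cipher name
    return groups


def audit_micalg(raw_message, preference_list):
    """Describe whether the declared micalg hash honours the sender's digest preferences."""
    protocol, hash_name = parse_signed_content_type(raw_message)
    digests = parse_preference_list(preference_list)["digest"]
    return {
        "protocol": protocol,
        "hash": hash_name,
        "openpgp_id": OPENPGP_HASH_IDS.get(hash_name),  # None for names outside RFC 4880
        "weak": hash_name in WEAK_HASHES,
        "preferred": hash_name in digests,
        "first_choice": bool(digests) and digests[0] == hash_name,
    }


# Constructed sample messages: only the Content-Type header matters here, bodies are stubs.
PGP_SHA1_MESSAGE = (
    'Content-Type: multipart/signed; boundary="b1"; micalg=pgp-sha1; '
    'protocol="application/pgp-signature"\n'
    '\n--b1\n(signed part)\n--b1--\n'
)
SMIME_SHA256_MESSAGE = (
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
    'micalg=sha-256; boundary="b2"\n'
    '\n--b2\n(signed part)\n--b2--\n'
)

# Preference lists quoted in the thread (Scott's gpg.conf line and Benny's key's Digest line).
SCOTT_PREFS = ("SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 "
               "ZLIB BZIP2 ZIP Uncompressed")
BENNY_DIGESTS = "SHA256, SHA1, SHA384, SHA512, SHA224"

if __name__ == "__main__":
    for label, raw, prefs in (("PGP/MIME with forced SHA1", PGP_SHA1_MESSAGE, SCOTT_PREFS),
                              ("S/MIME with SHA-256", SMIME_SHA256_MESSAGE, BENNY_DIGESTS)):
        print(label, audit_micalg(raw, prefs))
```

Run against the first sample, the report shows `hash: SHA1`, `weak: True`, `preferred: False`: exactly the situation the thread complains about, a client declaring SHA1 in `micalg` although the key's preference list never asks for it. Note that `micalg` is only the declaration; a verifier still has to check the signature packet's actual hash algorithm, since the two can disagree.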