The two V3 attacks

Nicholas Cole nicholas.cole at gmail.com
Mon Jun 25 10:19:14 CEST 2012


On Mon, Jun 25, 2012 at 8:08 AM, Werner Koch <wk at gnupg.org> wrote:
> On Mon, 25 Jun 2012 07:22, guninski at guninski.com said:
>
>> If they are not new why they are not fixed yet?
>
> There was no rough consensus to drop v3 packets.  Meanwhile there is no
> WG anymore because the IETF decided that OpenPGP has been done.
>
> The outcome of a v5 key format discussion was to wait for SHA-3 and then
> to start the discussion again.

Fortunately, that may be as early as the end of this year:

http://csrc.nist.gov/groups/ST/hash/timeline.html

As an aside: one of the problems of any key system is that the
security advantages of changing keys often (and using new formats)
have to be weighed against the inconvenience of distribution and
re-certification.

Best wishes,

N.



More information about the Gnupg-devel mailing list