v5 vs v6 consequences
Vincent Breitmoser
look at my.amazin.horse
Mon Sep 15 09:52:41 CEST 2025
> What are the issues with v5 signatures?
As referenced earlier in this thread, please refer to
https://github.com/crypto-security-tools/OpenPGP-LibrePGP-comparison/
for a technical and governance comparison of the specs.
The main issues that you will find these days (imo) are that v5 is a
format that is exclusively governed by GnuPG. As such it has limited
support in other implementations, is not an OpenPGP format, and has
dropped its stated goal of becoming such.
If this is something that works for you, or you are bound to using GnuPG
regardless, the technical issues are probably not significant as a
deciding factor.
> [*sigh*]
Everyone please note that this is a *hugely* complicated topic, with
many actors, years, technical complexities, and clashes of personal
sensitivities involved. As such, it is difficult to explain in any
amount of written text to folks watching from the sidelines.
Some may find this "after the dust settled" blog post from GnuPG on the
matter enlightening:
https://www.gnupg.org/blog/20250117-aheinecke-on-sequoia.html
Cheers
- V
On 9/15/25 04:28, Jacob Bachmeyer via Gnupg-devel wrote:
> On 9/14/25 02:27, Andrew Gallagher via Gnupg-devel wrote:
>> [...] A few other implementations had support for v5 keys since before the schism, but all except gnupg agreed to move to v6 once the issues with v5 signatures became known.
>
> [*sigh*]
>
> What are the issues with v5 signatures?
>
>
> -- Jacob
>
>
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-devel
More information about the Gnupg-devel
mailing list