idea.dll
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jun 21 22:38:31 CEST 2012
On 06/21/2012 01:21 PM, vedaal at nym.hush.com wrote:
> vedaal at nym.hush.com vedaal at nym.hush.com wrote on
> Thu Jun 21 19:05:06 CEST 2012 :
>
>> Will GnuPG 2.x then allow importation of v3 keys?
>> (main reason I still prefer 1.4.x over 2.x)
>
> Sorry,
> my mistake, gnupg 2.x does import v3 keys,
unfortunately, this is indeed the case. v3 keys have a serious
vulnerability in that their fingerprint mechanism is trivially gamable,
so long keyid collisions are easy.
You should retire your v3 key, as should anyone else with such a key.
Please!
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120621/cc29fde8/attachment-0001.pgp>
More information about the Gnupg-users
mailing list