ideal.dll
vedaal at nym.hush.com
vedaal at nym.hush.com
Fri Jun 22 19:44:35 CEST 2012
On Fri, 22 Jun 2012 12:56:46 -0400 Robert J. Hansen
<rjh at sixdemonbag.org> wrote:
>On 6/22/2012 12:39 PM, vedaal at nym.hush.com wrote:
>> " trivially countered by
>> simply listing the keysize together with the fingerprint."
>
>This is, unfortunately, not a trivial fix.
>
>Already people don't pay attention to proper validation because
>the idea
>of checking the fingerprint is alien to them, they don't
>understand it,
>don't understand why it's necessary. Adding another step of
>"verify the
>keysize, too" will just compound the problem.
I'm not now, (and have not been since the ADK v4 bug was fixed ;-)
), advocating that people should generate v3 keys as a choice.
Anyone new to crypto, should definitely use only a v4 key.
As you mentioned earlier, the v3 people have an entrenched user-
base, and are hardly novices, and 'for them', listing the keysize
with the fingerprint, really is trivial.
(I never called it a 'fix'. It's an easily describable and do-able
workaround for people who need their v3's for their preferred
cryptosystem.)
vedaal
More information about the Gnupg-users
mailing list