[PATCH] Disable importing V3 public keys from keyservers

David Leon Gil coruus at gmail.com
Fri Oct 10 16:22:51 CEST 2014

On Fri, Oct 10, 2014 at 10:05 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> full v3 fingerprints are also spoofable …

You can generate collisions easily enough. Is there another way of
spoofing them? They're the MD5 hash of the modulus, no?

More information about the Gnupg-devel mailing list