[PATCH] Disable importing V3 public keys from keyservers

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Oct 10 19:42:43 CEST 2014


On 10/10/2014 01:34 PM, Werner Koch wrote:
> On Fri, 10 Oct 2014 16:36, dkg at fifthhorseman.net said:
> 
>> but anyway, v3 keys need to die already.
> 
> Tell that to the people who complained for years about the missing IDEA and
> PGP2 support for their v3 keys.  Apparently they want to be able to read
> their old messages - which I can understand.

sure, i can understand that, and maybe i should temper my earlier remark.

how about "v3 public keys for which you do not have the secret part need
to die already"?

This would mean that v3 signatures couldn't be checked (except by people
who control the given key).  but no one should probably be relying on v3
signatures anyway, since they're all MD5-based.

> Thus there is no way to get rid of v3 anytime soon - well unless we
> declare that all v3 support will be removed from GnuPG-2 and those who
> have not come around to re-encrypt their old stuff need to use 1.4.
> This is worth a discussion.

That's more radical than what i wrote above, but i think i wouldn't mind
doing it.

People who really want to dig back through an old encrypted archive that
they haven't re-encrypted can always build from older source
specifically for their re-encryption stage.

	--dkg
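
The message above turns on telling v3 key material apart from v4 at import time. As an added example (not part of the original message and not GnuPG's code), this Python sketch walks RFC 4880 packet framing and flags key packets whose version octet is below 4. The function names, the `import_allowed` policy helper and the two sample byte strings are constructed for illustration.

```python
# Added illustration: walk OpenPGP packets (RFC 4880 framing) and flag pre-v4 key packets.
KEY_TAGS = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}

# Constructed samples (toy MPIs, not real keys): old-format v3 and new-format v4 public key.
V3_SAMPLE = bytes.fromhex("980e" "03" "00000000" "0000" "01" "0008ff" "000203")
V4_SAMPLE = bytes.fromhex("c60c" "04" "00000000" "01" "0008ff" "000203")

def iter_packets(data):
    """Yield (tag, body) per packet; handles old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("bit 7 clear: not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag = hdr & 0x3F
            o1 = data[i]
            i += 1
            if o1 < 192:                        # one-octet length
                length = o1
            elif o1 < 224:                      # two-octet length
                length = ((o1 - 192) << 8) + data[i] + 192
                i += 1
            elif o1 == 255:                     # five-octet length
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                   # old-format header
            tag = (hdr >> 2) & 0x0F
            if hdr & 3 == 3:
                raise ValueError("indeterminate length not handled here")
            n = 1 << (hdr & 3)                  # 1, 2 or 4 length octets
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def find_v3_keys(data):
    """Return [(kind, version)] for key packets with version < 4 (v2 shares the v3 layout)."""
    return [(KEY_TAGS[t], b[0]) for t, b in iter_packets(data)
            if t in KEY_TAGS and b and b[0] < 4]

def import_allowed(data):
    """Hypothetical policy: refuse a blob containing any pre-v4 public key packet."""
    return not any(kind.startswith("public") for kind, _ in find_v3_keys(data))
```
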
