[PATCH] Disable importing V3 public keys from keyservers
Kristian Fiskerstrand
kristian.fiskerstrand at sumptuouscapital.com
Fri Oct 10 19:41:14 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 10/10/2014 07:34 PM, Werner Koch wrote:
> On Fri, 10 Oct 2014 16:36, dkg at fifthhorseman.net said:
>
>> but anyway, v3 keys need to die already.
>
> Tell that the people who complained for years about the missing
> IDEA and PGP2 support for their v3 keys. Apparently they want to
> be able to read their old messages - which I can understand.
Indeed, and I used to be one myself [0], but see below for further
comments.
>
> Thus there is no way to get rid of v3 anytime soon - well unless
> we declare that all v3 support will be removed from GnuPG-2 and
> those who have not come around to re-encrypt their old stuff need
> to use 1.4. This is worth a discussion.
I second removing support for V3 wherever possible. And to the
opposite only enable it upon explicit configuration option, but
primarily just remove the thing as they represent <5% of the available
public keys[1] while weakening the WoT for everyone, and that numberr
is before taking into consideration people moving away from these keys
in the first place. In particular, remove support in gnupg 2.1.
References:
[0] http://www.kfwebs.net/articles/article/42/GnuPG-2.0---IDEA-support
[1] http://blog.sumptuouscapital.com/2014/01/openpgp-key-statistics/
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Audaces fortuna iuvat
Fortune favors the brave
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJUOBo5AAoJEPw7F94F4Tag2YcP/RFS18GYC5YKPZ4ODz4aIIHP
f3cuCrjzbNbOL0s+2R4eXTdz+bBZlWDCnEPLwKHKcdAS3BIJ5Kso1hsCFB9Ei7y/
usazhNU+ZQimdt/wr7Omjj+k/0HQGRfJjwSqvk/g8M44u0CYzbGszDqTxDL0S2jR
j54lx3GEIlct1Jv/71D2kShmCvvkQiwEdNRuqVj2rJvxPo5TD5Ssx52GPdExRslG
Lgz7u/eOPldEREgse9cVow+cKoHNgkdY8luk9k2xnBI+Z/RpY6r/djDdxnVl+Dpu
syTTdQku9u3J3rBz1OA0avPauKJ0PUtkRRnHZGCY+KBQAeaaAA1fSl5ZAApOX486
IJxZZBf4d+GhGdMgRxBt3et6M0ZE1Z8O/tVMo9I2VQa8sPMLHJO+0nRI3f7IdUr+
6b4FCAQapLHIHQ8TTQCgW1M7YE8MSdxY8QzZuTrycG43n+GnbIhsavOzvPeLb9E7
FFNQbNBofmup6rgqxk4nuLjNFlntfxqjXrJf2DyG1t3/5w+tkA8YxKeaqBd7ezto
TZm0rU49xqK7DlyuJgLKjq+mX77aR+UCS5OCByNtFnFSkHJkTEkKF7tCuYCbysuM
AmD7fz10L+uO7S7BMv11KDBnvbi0hT1kQoMmewDFqf/AhuDrklzgSgNt6o3FJkA3
i0/sJAB+tg/+QIiBanar
=lNV8
-----END PGP SIGNATURE-----
More information about the Gnupg-devel
mailing list