Does GNUPG have the PGP ADK weakness?

Huels, Ralf KSV
28 Aug 2000 12:31:14 +0200

> BTW, thre are other tools to generate v4 keys and signatures aside
> from GnuPG or NAI.
Which is exactly why Ralf disparages the use of v4 signatures all together. As far as I understand the debate, Ralf is talking about keys. Unfortunately, many others seem to talk about software. The problem for users of any software that uses v4 signatures and encrypts to ADKs was construed as a problem for users of any software that uses v4 sigs. I can see why people say that not encrypting to illicit ADKs is the senderīs responsibility and thus GnuPG users are fine. However, the fact remains that "broken" PGP (or other s/w) versions are going to remain out there. I think itīs ok to point out that PGP (< 6.5.8) users are not safe from the bug when encrypting to GnuPG users. Of course there is really nothing we (i.e. the GnuPG users and developers) can do about that except set the good example and spread the word. Tschuess, Ralf -- Ralf Hüls Bismarckplatz KSV Kreditschutz-Vereinigung GmbH 44866 Bochum Score-Consult Tel. 02327/9114-28 Fax. 02327/8 40 27 -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to