Daniel Kahn Gillmor dkg at
Thu Jun 21 22:38:31 CEST 2012

On 06/21/2012 01:21 PM, vedaal at wrote:
> vedaal at vedaal at wrote on
> Thu Jun 21 19:05:06 CEST 2012 :
>> Will GnuPG 2.x then allow importation of v3 keys?
>> (main reason I still prefer 1.4.x over 2.x)
> Sorry, 
> my mistake, gnupg 2.x does import v3 keys,

unfortunately, this is indeed the case.  v3 keys have a serious
vulnerability in that their fingerprint mechanism is trivially gamable,
so long keyid collisions are easy.

You should retire your v3 key, as should anyone else with such a key.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120621/cc29fde8/attachment-0001.pgp>

More information about the Gnupg-users mailing list