Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jun 21 22:38:31 CEST 2012
On 06/21/2012 01:21 PM, vedaal at nym.hush.com wrote:
> vedaal at nym.hush.com vedaal at nym.hush.com wrote on
> Thu Jun 21 19:05:06 CEST 2012 :
>> Will GnuPG 2.x then allow importation of v3 keys?
>> (main reason I still prefer 1.4.x over 2.x)
> my mistake, gnupg 2.x does import v3 keys,
unfortunately, this is indeed the case. v3 keys have a serious
vulnerability in that their fingerprint mechanism is trivially gamable,
so long keyid collisions are easy.
You should retire your v3 key, as should anyone else with such a key.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1030 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users