Robert J. Hansen
rjh at sixdemonbag.org
Fri Jun 22 20:18:13 CEST 2012
On 6/22/2012 1:44 PM, vedaal at nym.hush.com wrote:
> As you mentioned earlier, the v3 people have an entrenched user-
> base, and are hardly novices, and 'for them', listing the keysize
> with the fingerprint, really is trivial.
If people want to keep using PGP 2.6, let them, but I'm not going to
help them do it. If people want an emergency stopgap while they migrate
to OpenPGP, I'll happily help. Unfortunately, at this point essentially
all the people who would migrate have already migrated.
PGP 2.6 is dead, dead, dead, dead, dead, dead, dead, dead, dead, dead.
PGP 2.6 is highly dependent on MD5, for which *we have already seen
in-the-wild signature forgeries*. That deserves to be underlined and
highlighted and carved in twelve-foot-high flaming letters. Anyone
using PGP 2.6 today is either in resolute denial of the facts or totally
For this reason, I have no interest in helping out PGP 2.6 users. If
they really want to migrate to OpenPGP, then yes, let's do what we can
to help in the migration. But anything that lets them continue to stick
their heads in the sand and deny reality is -- well, without passing
moral judgment on that, I have zero interest in helping.
Were it up to me, PGP 2.6 support in GnuPG would be reduced to
read-only. So be thankful Werner isn't paying attention to my
More information about the Gnupg-users