Robert J. Hansen rjh at
Fri Jun 22 21:40:54 CEST 2012

On 06/22/2012 02:52 PM, vedaal at wrote:
> Am somewhat surprised by the unprovoked V3 rants, when I asked for 
> nothing from anyone, and only thanked WK for allowing it to happen.

Your characterization of "adding the key length is a trivial
[something]" is what irritated me.  As I mentioned, it's not trivial, it
doesn't fix the real underlying problem, it complicates things, and we
should be pushing people to move to v4 keys anyway.  IMO, any time spent
talking about how to 'fix' PGP 2.6 is unserious and wasted.  You can't
fix it.  You can't even mitigate the damage, since forged MD5 signatures
are now known to be in the wild.

More information about the Gnupg-users mailing list