Robert J. Hansen
rjh at sixdemonbag.org
Fri Jun 22 21:40:54 CEST 2012
On 06/22/2012 02:52 PM, vedaal at nym.hush.com wrote:
> Am somewhat surprised by the unprovoked V3 rants, when I asked for
> nothing from anyone, and only thanked WK for allowing it to happen.
Your characterization of "adding the key length is a trivial
[something]" is what irritated me. As I mentioned, it's not trivial, it
doesn't fix the real underlying problem, it complicates things, and we
should be pushing people to move to v4 keys anyway. IMO, any time spent
talking about how to 'fix' PGP 2.6 is unserious and wasted. You can't
fix it. You can't even mitigate the damage, since forged MD5 signatures
are now known to be in the wild.
More information about the Gnupg-users