It's 2014. Are we there yet?

One Jsim one.jsim at
Sat Apr 19 22:45:10 CEST 2014

This is not clear to me.

Certainly a key manager (example GPA) can have certificates that can be
version 2. Other keys may or may not be version two but have been signed by
the older version.

As far as I understand the all thing can not be trusted  (worse if you can
not figure out the version of a given key).

Jose Simoes

2014-04-19 17:02 GMT+01:00 Robert J. Hansen <rjh at>:

> > How percentage of PGP (or GPG?)  users, do you think, know that checking
> > fingerprint only is not an assurance against fake signatures? Did you
> know?
> Given that this only affects PGP 2.6 certificates, and GnuPG users
> overwhelmingly use modern v4 certificates, this is not a major problem
> for GnuPG users.
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140419/10bedac1/attachment-0001.html>

More information about the Gnupg-users mailing list