It's 2014. Are we there yet?
one.jsim at gmail.com
Sat Apr 19 22:45:10 CEST 2014
This is not clear to me.
Certainly a key manager (example GPA) can have certificates that can be
version 2. Other keys may or may not be version two but have been signed by
the older version.
As far as I understand the all thing can not be trusted (worse if you can
not figure out the version of a given key).
2014-04-19 17:02 GMT+01:00 Robert J. Hansen <rjh at sixdemonbag.org>:
> > How percentage of PGP (or GPG?) users, do you think, know that checking
> > fingerprint only is not an assurance against fake signatures? Did you
> Given that this only affects PGP 2.6 certificates, and GnuPG users
> overwhelmingly use modern v4 certificates, this is not a major problem
> for GnuPG users.
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users