Re: [openpgp] SHA-2 support should be mandatory – change defaults
David Shaw
dshaw at jabberwocky.com
Thu Aug 14 13:23:20 CEST 2014
On Aug 14, 2014, at 1:20 AM, Doug Barton <dougb at dougbarton.us> wrote:
> On 08/12/2014 08:41 PM, David Shaw wrote:
>> Maybe the answer is to remove the things to generate PGP 2 messages specifically, and leave the other stuff?
>
> Yes please. :)
>
> Not being able to encrypt/sign with PGP 2 at this point is totally reasonable. Not being able to decrypt/verify leads to toolchain complications down the road for people with such archives, and sends a dangerous message that we're not serious about backwards compatibility.
I think the context has been lost in that sentence. The "other stuff" I was referring to was --pgp6, --pgp7, etc. The --pgpX options in general. There was never a question of removing the ability to decrypt PGP 2 messages. As you say, that would destroy the ability to decrypt old messages.
David
More information about the Gnupg-users
mailing list