FAQ: drop mention of 1.4?

Robert J. Hansen rjh at sixdemonbag.org
Fri Aug 28 18:52:16 CEST 2015


> I see this attitude a lot among software developers and it irritates
> me: drop support for "obsolete" features

PGP 2.6 *is* obsolete.  There's no point in using quotation marks.  Read
this URL: http://www.kb.cert.org/vuls/id/836068

"Software developers, Certification Authorities, website owners, and
users should avoid using the MD5 algorithm in any capacity. As previous
research has demonstrated, it should be considered cryptographically
broken and unsuitable for further use."

You don't get clearer than that.  PGP 2.6 is a dead letter.  Obsolete.
And with PGP 2.6 being obsolete, so are V3 keys.

You seem to believe PGP 2.6 (and V3 keys) are still in fine health.
They're not.  They need to be abandoned.  The fire alarm went off 17
years ago, people have had plenty of time to move to the exits, the
thing to do now is watch the thing burn down, share stories about how
well it served us, roast some s'mores, and maybe sing a round of
"Kumbaya, My Lord".

(For non-Americans: s'mores are a dessert involving marshmallows and
chocolate, normally eaten around a campfire.  "Kumbaya, My Lord" is a
well-known campfire song.)


