A postmortem on Efail
Damien Goutte-Gattat
dgouttegattat at incenp.org
Mon May 21 10:54:46 CEST 2018
On 05/21/2018 04:07 AM, Mark Rousell wrote:
> I think you mean that support for 2.0.y has been dropped, surely?
No, I do mean that support for all PGP 2-related stuff has been dropped
from the current stable branch. Modern GnuPG (≥ 2.1) can neither read
nor write anything that has been generated by PGP 2.x. Compatibility
starts with PGP 5, which dates back to 1997.
> When I wrote "2.x.y" above I meant that users should be able
> to continue decrypting legacy-encrypted data (albeit with a change of
> commands/options compared to the present) with whatever the
> currently-supported version of 2.something is at any point in the
> future.
Well, that's already not the case. If you have pre-1997 data, you need
to use GnuPG 1.4, which again *is* still supported precisely for this
use case. (You could also, in theory, use GnuPG 2.0.x, but *that* branch
is explicitly no longer supported.)
Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180521/a931e708/attachment.sig>
More information about the Gnupg-users
mailing list