Robert J. Hansen rjh at
Sun Jan 30 05:37:35 CET 2022

>     If person1 has a signed and encrypted email to person 2, but which
>     used IDEA and MD 5, and now wants to decrypt, and re-encrypt and
>     sign, and send to person 2, who will then destroy the original
>     email, why shouldn't they be allowed to know if this is safe.

They *are* allowed.  The source code is there for them to study.

What I said is that I'm not going to do that work for them, because I 
think PGP 2.6.3 is best abandoned.  Full stop.  No exceptions.  Migrate 
your data already, you've had over a quarter century.

People are of course free to disagree with me: some do.  But that is my 
position, and I think it's kind of incredible that someone would ask me 
to come up with reasons that would allow PGP 2.6.3 users to justify 
their continued use.  :)

More information about the Gnupg-users mailing list