Reading new key packages
Andrew Gallagher
andrewg at andrewg.com
Wed Jan 17 18:24:38 CET 2024
On 17 Jan 2024, at 17:07, Werner Koch <wk at gnupg.org> wrote:
>
> On Wed, 17 Jan 2024 16:54, Andrew Gallagher said:
>
>> Encryption subkey sbinds don’t need subpackets (they can’t generate
>> primary key binding sigs), and I recently had to soft-fork go-crypto
>
> Huh? How do you specify an expiration date or key usage?
You don’t. And yet such keys exist. I'm as shocked as you.
https://github.com/hockeypuck/hockeypuck/issues/205
> Any software
> which does this is bogus. It 26 years since the introduction of v4
> signatures. All that old stuff anyway used MD5 which we should not use
> anymore.
It’s certainly true that people _shouldn’t_ be using them. But this is OpenPGP after all… :-(
A
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://librepgp.org/pipermail/librepgp-discuss/attachments/20240117/a03c96d7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://librepgp.org/pipermail/librepgp-discuss/attachments/20240117/a03c96d7/attachment.sig>
More information about the LibrePGP-discuss
mailing list