On 12/13/2010 01:13 PM, David Shaw wrote: > Why is it that using the method you advocate, there is a graceful > changeover between fingerprint formats, but a change in the > certificate format requires a "hard cut-over" with "global > interruption of existing networks..." ?
I was assuming that new certificates come with new keys, and that new keys could not certify or be certified by existing (old) certificates. Are v3 keys able to certify or be certified by v4 certificates? > I suspect a changeover would take somewhere between 5 and 10 years, > just as the v3->v4 changeover did. That sounds like what i would expect as well. > It is premature to try and force a particular format into the > design before we even have a SHA-3 to talk about. i agree. That's why i've been proposing that people transition to new algorithms without trying to wait for a format change that is likely to take years to even begin, plus many more years to complete. --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users