On 06/21/2012 01:21 PM, ved...@nym.hush.com wrote:
> vedaal at nym.hush.com vedaal at nym.hush.com wrote on
> Thu Jun 21 19:05:06 CEST 2012 :
> 
>> Will GnuPG 2.x then allow importation of v3 keys?
>> (main reason I still prefer 1.4.x over 2.x)
> 
> Sorry, 
> my mistake, gnupg 2.x does import v3 keys,

unfortunately, this is indeed the case.  v3 keys have a serious
vulnerability in that their fingerprint mechanism is trivially gamable,
so long keyid collisions are easy.

You should retire your v3 key, as should anyone else with such a key.
Please!

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to