On 06/21/2012 01:21 PM, ved...@nym.hush.com wrote: > vedaal at nym.hush.com vedaal at nym.hush.com wrote on > Thu Jun 21 19:05:06 CEST 2012 : > >> Will GnuPG 2.x then allow importation of v3 keys? >> (main reason I still prefer 1.4.x over 2.x) > > Sorry, > my mistake, gnupg 2.x does import v3 keys,
unfortunately, this is indeed the case. v3 keys have a serious
vulnerability in that their fingerprint mechanism is trivially gamable,
so long keyid collisions are easy.
You should retire your v3 key, as should anyone else with such a key.
Please!
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
