On Fri, 22 Jun 2012 12:56:46 -0400 Robert J. Hansen <r...@sixdemonbag.org> wrote: >On 6/22/2012 12:39 PM, ved...@nym.hush.com wrote:
>> " trivially countered by >> simply listing the keysize together with the fingerprint." > >This is, unfortunately, not a trivial fix. > >Already people don't pay attention to proper validation because >the idea >of checking the fingerprint is alien to them, they don't >understand it, >don't understand why it's necessary. Adding another step of >"verify the >keysize, too" will just compound the problem. I'm not now, (and have not been since the ADK v4 bug was fixed ;-) ), advocating that people should generate v3 keys as a choice. Anyone new to crypto, should definitely use only a v4 key. As you mentioned earlier, the v3 people have an entrenched user- base, and are hardly novices, and 'for them', listing the keysize with the fingerprint, really is trivial. (I never called it a 'fix'. It's an easily describable and do-able workaround for people who need their v3's for their preferred cryptosystem.) vedaal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
