> I see this attitude a lot among software developers and it irritates > me: drop support for "obsolete" features
PGP 2.6 *is* obsolete. There's no point in using quotation marks. Read this URL: http://www.kb.cert.org/vuls/id/836068 "Software developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use." You don't get clearer than that. PGP 2.6 is a dead letter. Obsolete. And with PGP 2.6 being obsolete, so are V3 keys. You seem to believe PGP 2.6 (and V3 keys) are still in fine health. They're not. They need to be abandoned. The fire alarm went off 17 years ago, people have had plenty of time to move to the exits, the thing to do now is watch the thing burn down, share stories about how well it served us, roast some s'mores, and maybe sing a round of "Kumbaya, My Lord". (For non-Americans: s'mores are a dessert involving marshmallows and chocolate, normally eaten around a campfire. "Kumbaya, My Lord" is a well-known campfire song.)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
