Werner Koch, wk, at gnupg.org wrote on Mon May 14 19:32:18 CEST 2018: ... I am all in favor of this and even considered to that some time ago. However, not too long ago we removed support for PGP-2 keys which unfortunately resulted in lots of angry mails from people who now think they need to use gnupg 1.4 every day because they seem to read mails >From the last century on a regular base. Well, they think and they were quite vocal. Now telling them they need to enable an option to read certain not that old mail (e.g. creating by other OpenPGP implementations) will a) lead to even more angry mails and b) they will keep on using that option for all mails. Thus my tentative plan was to make the next major version hard fail on messages without MDC and slowly start using our forthcoming AEAD encryption mode.
Well okay, with the new support of the Ehtmlfail paper we could now point to that paper and always hard error out if no MDC is used even for old algorithms. Shall we consider this? ... ===== Yes. As an Old PGP 2.x user, I can say that the majority of PGP 2.x users communicating among them selves, DON'T use GnuPG at all. Those who do use GnuPG, have a new V4 key and use exclusively that, and can easily handle the hardwired MDC fail, and will even be thankful for the GnuPG 'protection'. vedaal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
