> I'm still a bit confused on the changes in secring. How does it come up > with the names for those "new" keys as it doesn't seem to corrolate with > anything I can see on the keys.
The names are actually keygrips, not fingerprints. > For them to go away from the OpenPGP standard it obviously had to make > sense to them… They didn't. RFC4880 doesn't define how to store certificates. Way back when, PGP Corporation stored its two keyrings as "pubring.pkr" and "secring.skr". These two files were incredibly simple: each was effectively an OpenPGP message containing nothing but a long sequence of certificates. When PGP started it read each file into RAM, populated a master keyring, and that was that. When GnuPG came along they decided to use the exact same format so that people could migrate just by renaming their .pkr and .skr files to have .gpg extensions. And this was likely a good decision, in that it made it easy for people to switch from PGP. PGP is no longer a serious player in the OpenPGP space. Symantec bought PGP years ago and seem to have been neglecting it ever since. Consequentially, we no longer *need* to use old PGP formats to encourage people to cross over. And at the same time, keyrings are getting a lot bigger -- back in 2000 few people had more than a couple of dozen certificates; twenty years later it's easy to have a few *hundred* certificates. And the old, inefficient PGP keyring format doesn't work very well any more. We don't need the PGP compatibility any more and it's holding us back. That's the root reason for the changes. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
