If person1 has a signed and encrypted email to person 2, but which
used IDEA and MD 5, and now wants to decrypt, and re-encrypt and
sign, and send to person 2, who will then destroy the original
email, why shouldn't they be allowed to know if this is safe.
They *are* allowed. The source code is there for them to study.
What I said is that I'm not going to do that work for them, because I
think PGP 2.6.3 is best abandoned. Full stop. No exceptions. Migrate
your data already, you've had over a quarter century.
People are of course free to disagree with me: some do. But that is my
position, and I think it's kind of incredible that someone would ask me
to come up with reasons that would allow PGP 2.6.3 users to justify
their continued use. :)
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
