[Pgp-tools-commit] r111 - trunk/caff
Peter Palfrader
weasel at costa.debian.org
Sat Jul 2 21:52:56 UTC 2005
Author: weasel
Date: 2005-07-02 21:52:56 +0000 (Sat, 02 Jul 2005)
New Revision: 111
Modified:
trunk/caff/README.many-keys
Log:
short options are evil too. descript that v3 keys should be avoided
Modified: trunk/caff/README.many-keys
===================================================================
--- trunk/caff/README.many-keys 2005-07-02 21:46:35 UTC (rev 110)
+++ trunk/caff/README.many-keys 2005-07-02 21:52:56 UTC (rev 111)
@@ -17,23 +17,29 @@
* v3 keys are evil.
- Sign v3 separately. Batch processing does not work. See README.v3-keys.
+ V3 keys (pgp 2.6x keys) are deprecated. Not only do they rely on md5 for
+ their fingerprint and signatures, they also use the patented IDEA algorithm
+ for encryption. Many people (like caff's author) refuse to sign v3 keys
+ these days.
+ If you want to sign v3 keys, sign v3 separately. Batch processing does not
+ work. See README.v3-keys.
+
* Use multiple passes.
Going through retrieving, signing, and mailing keys can help, e.g.:
- $ caff -SEM `cat ksp-fingerprints.txt`
- $ caff -REM `cat ksp-fingerprints.txt`
- $ caff -RSE `cat ksp-fingerprints.txt`
+ $ caff --no-sign --no-export-old --no-mail `cat ksp-fingerprints.txt`
+ $ caff --no-download --no-export-old --no-mail `cat ksp-fingerprints.txt`
+ $ caff --no-download --no-sign --no-export-old `cat ksp-fingerprints.txt`
* If you have multiple local keys, only send mail once after signing with all.
caff will send out all previously done signatures in the message. (Of course
you have to configure $CONFIG{'keyid'} to contain all your key ids.)
- $ caff -EM -u <mykey1> <other_key>
- $ caff -RE -u <mykey2> <other_key>
+ $ caff --no-export-old --no-mail -u <mykey1> <other_key>
+ $ caff --no-download --no-export-old -u <mykey2> <other_key>
* Use gpg-agent.
More information about the Pgp-tools-commit
mailing list