[Pgp-tools-commit] r112 - trunk/caff
Peter Palfrader
weasel at costa.debian.org
Sat Jul 2 21:55:12 UTC 2005
Author: weasel
Date: 2005-07-02 21:55:11 +0000 (Sat, 02 Jul 2005)
New Revision: 112
Modified:
trunk/caff/README.many-keys
Log:
more against v3 keys
Modified: trunk/caff/README.many-keys
===================================================================
--- trunk/caff/README.many-keys 2005-07-02 21:52:56 UTC (rev 111)
+++ trunk/caff/README.many-keys 2005-07-02 21:55:11 UTC (rev 112)
@@ -19,12 +19,17 @@
V3 keys (pgp 2.6x keys) are deprecated. Not only do they rely on md5 for
their fingerprint and signatures, they also use the patented IDEA algorithm
- for encryption. Many people (like caff's author) refuse to sign v3 keys
- these days.
+ for encryption. Also, there are several attacks that make creating new keys
+ with the same keyid trivial. Others make it possible to create different
+ keys with the same fingerprint (tho the key will not actually contain valid
+ RSA parameters).
- If you want to sign v3 keys, sign v3 separately. Batch processing does not
- work. See README.v3-keys.
+ Because of these problems a lot of people (like caff's author) refuse to sign
+ v3 keys these days.
+ If you still want to sign v3 keys, sign v3 separately. Batch processing does
+ not work. See README.v3-keys.
+
* Use multiple passes.
Going through retrieving, signing, and mailing keys can help, e.g.:
More information about the Pgp-tools-commit
mailing list