Thunderbird has recently rolled out a change on the stable release
channel that caused binding signatures that use SHA1 after a cutoff
date to be considered invalid.

After the release, we have received many reports from users that they
are no longer able to use their keys, because Thunderbird treats them as
expired.

Apparently, even in 2021, it wasn't uncommon that some OpenPGP software
still used SHA1 when creating signatures.

I'm primarily posting this FYI, because there probably isn't a good
solution to the situation we're experiencing. We probably shouldn't undo
the change to allow a longer migration period?

Thanks
Kai

PS: An example can be seen here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1763641