Ian Grigg <iang(_at_)systemics(_dot_)com> writes:
So there are problems with the old PGP system. But, and it's an
important but, these (key) problems only effect keyservers in general.
As most people don't use key servers, this is not a tremendous problem,
and certainly not justification for dropping the old formats. It is of
course more important to PGP Inc as their products use key servers
That's an easy one to solve: just use a different value for the
automated keyserver lookup. eg keyID||fingerprint.
For manual pgp2.x users of the same keyservers (rather than software
automated pgp5.x lookups) just provide an additional CGI form for
fingerprint, and a short text explaining the problem, and how to avoid
it. Display the fingerprint by default also might be a good idea.