On Thu, 4 Jun 1998, Hal Finney wrote:
2. In section 14, "PGP 5.0 can read an RSA key in V4 format but will only
recognize it using V3 format." should say "... V3 keyid." - it recognizes
either format, but only V3 keyids.
I think Jon's wording is better here. The fact that it doesn't calculate
the keyid properly means that the key can't be used for encryption,
decryption, signature, etc. and interoperate with openpgp implementations.
This fact may not be obvious if we just mentioned the keyid difference -
people may think the only problem is the keyid display in the properties
dialog box. It is better to say that PGP 5.0 doesn't handle V4 RSA
keys properly.
Well, another point I made is that handling of RSA keyids is ambiguous. I
can derive V3 keyids from V4 keys and vice versa. My implementation
actually matches on both keyids, and uses whatever is given as a keyid
(which again will retrieve the key material if it matches either method)
for the routines that do encryption and signing.
Or the wording should be more "but will only operate on it as if it was
the equivalent key material in V3 format". I haven't confirmed this since
the version byte changes, so the fingerprint should differ although the V3
keyid would be the same.
--- reply to tzeruch - at - ceddec - dot - com ---