ietf-openpgp
[Top] [All Lists]

Re: meeting in San Francisco?

2003-03-06 15:37:11

On 3/6/03 2:10 AM, "Werner Koch" <wk(_at_)gnupg(_dot_)org> wrote:

I don't think that it is really required to deprecate v3 keys.  Almost
all applications do create v4 keys and it should be up to the
implementor to support them or not.  There are still enough v3 keys
alive so that implementors must still handle keyIDs and fingerprints
separately.

The real problem is the continued use of IDEA, especially to protect
secret keys.  A strong word that the use of IDEA is deprecated would
be helpful.

It is my opinion that deprecating IDEA (which I would be happy to do) is
about the same as deprecating V3 keys.

The reason I say that is that the only reason for a V3 key is to
interoperate with PGP 2.6. PGP 2.6 has only IDEA.

Deprecating IDEA deprecates PGP 2.6, and that makes V3 keys unnecessary.

Personally, I'd love to deprecate PGP 2.6. Almost all the interoperability
problems we have revolve around it.

    Jon