On Fri, 7 Mar 2003, Bodo Moeller wrote:
Deprecating IDEA deprecates PGP 2.6, and that makes V3 keys unnecessary.
No. PGP is not just about encryption, there's also signatures (in
particular, certification signatures).
I do not think the web of trust would be significantly altered if V3 keys
were depricated. (I'd like to see Drew Streib's key analysis run with the
v3 keys excluded to test this theory). More important to the users is
individual trust changes. Perhaps this could be addressed by stating that
key certifications "MAY" but "SHOULD NOT" be v3 format (and reference RFC
1991)? (Am I correct in assuming that v3 as described in OpenPGP is
identical to v3 in 1991?)
I'd also be happy just cutting the v3 web loose.