[Top] [All Lists]

Re: IDEA in v3-v4 conflict (was Re: OpenPGP at IETF-59 Draft Minutes #1)

2004-03-12 14:39:33

I for one don't understand the joke - maybe I'm
just a humourless old bastard,

The joke is that he offered, if we put in signature subkeys to stop using V3 keys, and I complied.

The joke is that I don't *really* expect him to give up his V3 key.

Ian, I think you're doing the right thing not supporting V3 keys.

The biggest flaw in PGP 2 is that it is not fatally flawed. If there were some horrible bug in PGP 2, we could all demand that people give up their V3 keys, and even just drop them. Alas, PGP 2 is indeed pretty good, and therefore it is hard to get people who believe it to be divine revealed wisdom to change their mind; we can only tease them until they get tired of hearing it.

Future protocol designers should learn from this experience and make sure that their early revisions have some massive security flaw so that it's easier to get people to upgrade to the revised version.