ietf-openpgp

Re: Chosen-ciphertext attack on receiver anonymity

2005-07-04 20:13:52

hal(_at_)finney(_dot_)org ("Hal Finney") writes:

> I'm not familiar with this term "throw-keyid".

It's somewhat confusing GPG terminology.

> Given the weak level of anonymity it affords, perhaps the zero keyid feature
> is misleading to users?  If so, should we consider deprecating it until we
> are willing to do the work necessary to do the job right?

It's not just misleading, it's an absolute bastard to support for
implementors.  So I think it should be deprecated not only because it serves
little useful purpose, but also because the large amount of complexity added
in supporting it isn't reflected by any matching payback in security.

Peter.