On Feb 21, 2011, at 7:35 AM, Lutz Donnerhacke wrote:
> * Jon Callas wrote:
>> The bottom line is that a key id in that context is a 64-bit binary key
>> into a database. That's all that it is.
>
> And it is *not unique*. Software has to deal with multiple keys having the
> same ID. Not importing v3, because it might generate such ambiguous cases,
> is not an acceptable solution. V3 keys only enforce standard-compliant
> behaviour.

I definitely agree. Unfortunately, very widely deployed code does make the
assumption that all keys have a unique ID. A better fix for this problem is to
fix that code, but that is complex and will likely not happen quickly. A
blockage of V3 keys is not the ideal fix for the problem, as V4-V4 collisions
are still possible. Given how easy it is to make a V3-V4 collision, and how
hard it is to make a V4-V4 one, giving an option to block V3 goes a long way to
avoid (though not eliminate) the problem, and buys time for the proper fix to
be developed and released.
David
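
An added example, not part of the thread and not code from any OpenPGP implementation: a keyring index that treats the 64-bit key ID as a non-unique lookup hint, keeps every key that shares an ID, tries each candidate when looking for a signer, and offers the optional V3 import block discussed above. The class and field names, the `verifies` callback (a stand-in for real signature verification) and the sample keys are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class PubKey:
    version: int        # OpenPGP key version: 3 or 4
    key_id: bytes       # 8-byte key ID: a database lookup hint, not an identity
    fingerprint: bytes  # full fingerprint, used to tell candidates apart
    owner: str


class Keyring:
    def __init__(self, allow_v3=True):
        self.allow_v3 = allow_v3
        self._by_id = defaultdict(list)  # key ID -> every key carrying that ID

    def add(self, key):
        """Import a key; returns False if policy blocks it."""
        if key.version == 3 and not self.allow_v3:
            return False                 # stopgap: V3 import disabled
        bucket = self._by_id[key.key_id]
        if all(k.fingerprint != key.fingerprint for k in bucket):
            bucket.append(key)           # same ID, different key: keep both
        return True

    def candidates(self, key_id):
        """All keys with this ID; callers must expect zero, one or many."""
        return list(self._by_id.get(key_id, ()))

    def find_signer(self, key_id, verifies):
        """Try every candidate instead of trusting the first ID match."""
        return [k for k in self.candidates(key_id) if verifies(k)]


# Constructed sample data: two unrelated keys that share one key ID.
SHARED_ID = bytes.fromhex("0123456789abcdef")
V4_KEY = PubKey(4, SHARED_ID, bytes.fromhex("aa" * 12) + SHARED_ID, "v4-owner")
V3_KEY = PubKey(3, SHARED_ID, bytes.fromhex("bb" * 16), "v3-owner")
```
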