On Mon, 4 Aug 2014 19:06, ian(_at_)icb(_dot_)im said:
I'm not so sure I would say "no software" can use them. They're odd in that
they're a bare Public-Key Packet, but that doesn't mean they're unusable.
I won't call that an OpenPGP packet. It is not OpenPGP compatible:
RFC4880, 12.1 Key Structures:
In a V4 key, the primary key MUST be a key capable of certification.
along with 5.5.2 Public-Key Packet Formats:
OpenPGP implementations MUST create keys with version 4 format. V3
keys are deprecated; an implementation MUST NOT generate a V3 key,
but MAY accept it.
v3 keys have severe weaknesses for example they rely on MD5. ECDH is
not capabale of signing/certifying.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp