On Tue, 30 Jun 2020 00:55, Johan Wevers said:
>> Do not use 1.4 unless you have to decrypt old non-MDC protected data or
>> data encrypted to a legacy v3 key.
>
> Do not break backwards compatibility if you want all people to upgrade.
Do not update so that the bad guys can exploit your legacy software ;-)

There are well-documented reasons why we don't support MDC and PGP3
keys anymore - it was complex to support and virtually impossible to
make sure that the message has not been tampered with. See the
discussion around EFFail of MUAs using gpg in a brittle and insecure
way.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.