another note

[pgp-tools.git] / caff / README.many-keys

diff --git a/caff/README.many-keys b/caff/README.many-keys
index ce57d5ece656360aa8339204da3897e95436959e..235a6e27c27c6876d2e5565009b0422b0ae12bc8 100644 (file)
--- a/caff/README.many-keys
+++ b/caff/README.many-keys
@@ -17,23 +17,34 @@ Some hints to get the signing done faster:
 
 * v3 keys are evil.
 
-  Sign v3 separately. Batch processing does not work. See README.v3-keys.
+  V3 keys (pgp 2.6x keys) are deprecated.  Not only do they rely on md5 for
+  their fingerprint and signatures, they also use the patented IDEA algorithm
+  for encryption.  Also, there are several attacks that make creating new keys
+  with the same keyid trivial.  Others make it possible to create different
+  keys with the same fingerprint (tho the key will not actually contain valid
+  RSA parameters).
+
+  Because of these problems a lot of people (like caff's author) refuse to sign
+  v3 keys these days.
+
+  If you still want to sign v3 keys, sign v3 separately. Batch processing does
+  not work. See README.v3-keys.
 
 * Use multiple passes.
 
   Going through retrieving, signing, and mailing keys can help, e.g.:
 
-  $ caff -SEM `cat ksp-fingerprints.txt`
-  $ caff -REM `cat ksp-fingerprints.txt`
-  $ caff -RSE `cat ksp-fingerprints.txt`
+  $ caff --no-sign --no-export-old --no-mail `cat ksp-fingerprints.txt`
+  $ caff --no-download --no-export-old --no-mail `cat ksp-fingerprints.txt`
+  $ caff --no-download --no-sign --no-export-old `cat ksp-fingerprints.txt`
 
 * If you have multiple local keys, only send mail once after signing with all.
 
   caff will send out all previously done signatures in the message. (Of course
   you have to configure $CONFIG{'keyid'} to contain all your key ids.)
 
-  $ caff -EM -u <mykey1> <other_key>
-  $ caff -RE -u <mykey2> <other_key>
+  $ caff --no-export-old --no-mail -u <mykey1> <other_key>
+  $ caff --no-download --no-export-old -u <mykey2> <other_key>
 
 * Use gpg-agent.