more against v3 keys

author weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>

Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)

committer weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>

Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)
author weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>
Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)
committer weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>
Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)
diff --git a/caff/README.many-keys b/caff/README.many-keys

index 5d5c2f2301d02dd31ea8edd9e89a059a5481eb14..235a6e27c27c6876d2e5565009b0422b0ae12bc8 100644 (file)
--- a/caff/README.many-keys
+++ b/caff/README.many-keys
@@ -19,11 +19,16 @@ Some hints to get the signing done faster:
  
    V3 keys (pgp 2.6x keys) are deprecated.  Not only do they rely on md5 for
    their fingerprint and signatures, they also use the patented IDEA algorithm
-  for encryption.  Many people (like caff's author) refuse to sign v3 keys
-  these days.
+  for encryption.  Also, there are several attacks that make creating new keys
+  with the same keyid trivial.  Others make it possible to create different
+  keys with the same fingerprint (tho the key will not actually contain valid
+  RSA parameters).
  
-  If you want to sign v3 keys, sign v3 separately. Batch processing does not
-  work. See README.v3-keys.
+  Because of these problems a lot of people (like caff's author) refuse to sign
+  v3 keys these days.
+
+  If you still want to sign v3 keys, sign v3 separately. Batch processing does
+  not work. See README.v3-keys.
  
  * Use multiple passes.
author	weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>
	Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)
committer	weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>
	Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)