more against v3 keys

author weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>

Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)

committer weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>

Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)
author weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>
Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)
committer weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>
Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)
diff --git a/caff/README.many-keys b/caff/README.many-keys

index 5d5c2f2301d02dd31ea8edd9e89a059a5481eb14..235a6e27c27c6876d2e5565009b0422b0ae12bc8 100644 (file)
--- a/caff/README.many-keys
+++ b/caff/README.many-keys
@@ -19,11 +19,16 @@ Some hints to get the signing done faster:
  
    V3 keys (pgp 2.6x keys) are deprecated.  Not only do they rely on md5 for
    their fingerprint and signatures, they also use the patented IDEA algorithm
  
    V3 keys (pgp 2.6x keys) are deprecated.  Not only do they rely on md5 for
    their fingerprint and signatures, they also use the patented IDEA algorithm
-  for encryption.  Many people (like caff's author) refuse to sign v3 keys
-  these days.
+  for encryption.  Also, there are several attacks that make creating new keys
+  with the same keyid trivial.  Others make it possible to create different
+  keys with the same fingerprint (tho the key will not actually contain valid
+  RSA parameters).
  
  
-  If you want to sign v3 keys, sign v3 separately. Batch processing does not
-  work. See README.v3-keys.
+  Because of these problems a lot of people (like caff's author) refuse to sign
+  v3 keys these days.
+
+  If you still want to sign v3 keys, sign v3 separately. Batch processing does
+  not work. See README.v3-keys.
  
  * Use multiple passes.
  
  
  * Use multiple passes.
author	weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>
	Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)
committer	weasel <weasel@b513b33f-fedd-0310-b452-c3deb5f4c849>
	Sat, 2 Jul 2005 21:55:11 +0000 (21:55 +0000)