On Fri, 29 Mar 2024 13:00, Andrew Gallagher said: > V5 subkeys of v4 primary keys would appear to introduce a novel > failure mode. It should be noted that in crypto-refresh, adding a
Nope. A v5 key has nothing to do a v4 signature and having different algorithm on the primary key and the subkeys is really common and allowed us once to slowly introduce RSA and ECC without any major problems. This is why we will do the same for PQC encryption. To repeat: The *v5 key format* merely adds a four-octet count of the public key material to the v4 format. There are also minor chnages for the (not so import) secret key exchange format. And - more important - it defines that the fingerprint is now done using SHA-256. The latter is the whole point why we once decided to use add a v5 format - to make it clear tha a SHA-256 fingerprint is used. All in all a really minor changes and not worth a long debate. The crypto-refresh has a lot of things which breaks OpenPGP and that draft, or soon to be RFC, does not care about backward compatibility. They should not have used the term OpenPGP for this. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein
openpgp-digital-signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
