On 6/22/2012 12:39 PM, ved...@nym.hush.com wrote: > " trivially countered by > simply listing the keysize together with the fingerprint."
This is, unfortunately, not a trivial fix. Already people don't pay attention to proper validation because the idea of checking the fingerprint is alien to them, they don't understand it, don't understand why it's necessary. Adding another step of "verify the keysize, too" will just compound the problem. If your solution takes the worst part of key validity checking and makes it even worse, then that's not a fix: that's an emergency stopgap measure while people move to a better cryptosystem, such as V4 keys. If you want to call it a stopgap, sure, I'll agree with you. But I can't agree that what you're calling a "fix" actually fixes anything. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
