This is not clear to me. Certainly a key manager (example GPA) can have certificates that can be version 2. Other keys may or may not be version two but have been signed by the older version.
As far as I understand the all thing can not be trusted (worse if you can not figure out the version of a given key). Jose Simoes 2014-04-19 17:02 GMT+01:00 Robert J. Hansen <[email protected]>: > > How percentage of PGP (or GPG?) users, do you think, know that checking > > fingerprint only is not an assurance against fake signatures? Did you > know? > > Given that this only affects PGP 2.6 certificates, and GnuPG users > overwhelmingly use modern v4 certificates, this is not a major problem > for GnuPG users. > > _______________________________________________ > Gnupg-users mailing list > [email protected] > http://lists.gnupg.org/mailman/listinfo/gnupg-users >
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
