Comment # 23 on bug 1093836 from 
So all I can find on this is that this is a security improvement. Messages that
are signed and encrypted but are missing an MDC can be tripped of their
signature and the encrypted content replaced with arbitrary content. Decryption
of said content then leads to the EFAIL attacks.

I believe that your ELG key from 2000 may be missing the MDC feature flag, or
the cypers forced the the old key may not MDC.

See --force-mdc vs. --disable-mdc, and their configuration file equivalents.

If this is only about the MDC I would prefer security over backwards
compatibility.

You are receiving this mail because: