[Bug 1093836] enigmail 2.0.x e-mail decryption issues related to MDC
http://bugzilla.opensuse.org/show_bug.cgi?id=1093836
http://bugzilla.opensuse.org/show_bug.cgi?id=1093836#c23

--- Comment #23 from Andreas Stieger <astieger@suse.com> ---
So all I can find on this is that this is a security improvement. Messages that are signed and encrypted but are missing an MDC can be stripped of their signature and the encrypted content replaced with arbitrary content. Decryption of said content then leads to the EFAIL attacks.

I believe that your ELG key from 2000 may be missing the MDC feature flag, or the ciphers forced by the old key may not support MDC. See --force-mdc vs. --disable-mdc, and their configuration file equivalents.

If this is only about the MDC I would prefer security over backwards compatibility.

--
You are receiving this mail because:
You are on the CC list for the bug.
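
Whether a given message carries an MDC can be read from its packet tags: RFC 4880 defines tag 18 (integrity-protected encrypted data) for messages with an MDC and tag 9 for the older form without one. The following is an added example, not part of the bug report or of enigmail/GnuPG; the function names `read_packets` and `mdc_status` are hypothetical, the input is assumed to be binary (de-armored) OpenPGP data, and the sample messages are constructed filler.

```python
# Added example: classify an OpenPGP message by its encrypted-data packet tag.
# Tag numbers and header layout follow RFC 4880, sections 4.2 and 4.3.
SED, SEIPD = 9, 18  # 9 = encrypted without MDC, 18 = integrity protected (MDC)

def read_packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) message."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        i += 1
        if hdr & 0x40:  # new-format header
            tag = hdr & 0x3F
            first = data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:  # partial body length: treat the rest as this packet's body
                length, i = len(data) - i - 1, i + 1
        else:  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:  # indeterminate length: body runs to end of data
                length = len(data) - i
            else:
                n = 1 << ltype
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def mdc_status(data):
    """Return 'mdc', 'no-mdc' or 'not-encrypted' for one message."""
    for tag, _ in read_packets(data):
        if tag == SEIPD:
            return "mdc"
        if tag == SED:
            return "no-mdc"
    return "not-encrypted"

# Constructed samples: a 3-byte dummy session-key packet (tag 1) followed by
# a dummy encrypted-data packet. The bodies are filler, not real ciphertext.
WITH_MDC = bytes([0xC1, 3, 3, 0, 0]) + bytes([0xD2, 5, 1, 0xAA, 0xBB, 0xCC, 0xDD])
WITHOUT_MDC = bytes([0xC1, 3, 3, 0, 0]) + bytes([0xA4, 4, 0xAA, 0xBB, 0xCC, 0xDD])

if __name__ == "__main__":
    for name, msg in (("with MDC", WITH_MDC), ("without MDC", WITHOUT_MDC)):
        print(name, "->", mdc_status(msg))
```

A mail gateway or triage script can use a result of `no-mdc` to flag messages that a client enforcing MDC will refuse to decrypt.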