v4 implementations might reject a message that contains a v6 signature
I think we messed up interoperability between v4 implementations and v5 implementations with v5 keys:
- On the one hand, a v5 key holder can send an encrypted message to a v4 recipient, but
- on the other hand, the message cannot be signed: a v5 signing key can only create v5 signatures, but the v4 recipent will not be able to verify it.
- Worse, the v4 implementation will most likely reject the message because many implementations are not sufficieltly robust to ignore the unknown signature version.
Edited by Daniel Kahn Gillmor