On Sun, Jun 04, 2017 at 08:29:31PM +0200, Kristian Fiskerstrand wrote: > On 06/04/2017 11:21 AM, Stefan Claas wrote: > >> The reason why i ask, i started to use Thunderbird with Enigmail >> and Enigmail shows me always Untrusted Good Signature with a 32bit >> key ID, when i have not carefully verified the persons pub key and >> --lsign'ed the pub-key. Showing only the long key id or the >> complete fingerprint is imho more difficult to quickly memorize >> than an additionial shown identicon (computed from the >> fingerprint). > > I'm likely missing something there, but if having a reasonable > assurance the public keyblock in question should likely be lsigned > by a local CAkey anyways? Doing a manual graphical verification > doesn't seem to provide anythin in terms of security here.
It's got nothing to do with security and everything to do with providing a unique generated icon for each key so an end user can personally identify the correct key based on coloured shapes instead of a hexadecimal string. Which is why I called it Gravatar for GPG. It's not the sort of thing that should be in GPG itself, but there's nothing stopping anyone from incorporating that kind of feature into a key management tool. Regards, Ben
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users