On 06/04/2016 12:43 AM, Gunnar Wolf wrote: > Hi all, ..
> > And the main reason I am writing this mail: SKS listings all show this > 32-bit ID only. It does differentiate when keys collide on their short > keyids, but it promotes users using a weak representation; IMO we > should change SKS to show either long keyids or the full fingerprint. > You can't trust the output from keyservers for this data to begin with, so at this point it is moot, you need to download the key in question and perform your own calculation of the fingerprint as part of a bilateral exchange of information out of band to validate the key. PS, although the short keyid is used in listing, the 64 bit long keyid is used for cross-references, this is a convenience factor and not related to any security (as keyservers doesn't provide any, users have to) -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP certificate at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- "We all die. The goal isn't to live forever, the goal is to create something that will." (Chuck Palahniuk)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
