Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild

To: debian-devel@lists.debian.org
Subject: Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
From: Christian Seiler <christian@iwakd.de>
Date: Wed, 10 Aug 2016 15:57:14 +0200
Message-id: <[🔎] 6a91db3c-b128-4b5b-907b-d487ad61816a@iwakd.de>
In-reply-to: <[🔎] 20160810134414.GO20126@var.home>
References: <[🔎] 20160809224743.GZ6224@var.home> <[🔎] 20160810102609.GA11598@layer-acht.org> <[🔎] 22443.1121.66705.655304@chiark.greenend.org.uk> <[🔎] 2ee796d3a04f9a124dfb28c796d19049@mail.adam-barratt.org.uk> <[🔎] 22443.5699.799458.307480@chiark.greenend.org.uk> <[🔎] 0811b532911f19a276f1d5370346f979@mail.adam-barratt.org.uk> <[🔎] 22443.8657.418506.957104@chiark.greenend.org.uk> <[🔎] 20160810131948.GA20126@var.home> <[🔎] 8db4d32d-183c-0ebe-ad40-415354b16d9e@iwakd.de> <[🔎] 20160810134414.GO20126@var.home>

On 08/10/2016 03:44 PM, Samuel Thibault wrote:
> Christian Seiler, on Wed 10 Aug 2016 15:37:43 +0200, wrote:
>> On 08/10/2016 03:19 PM, Samuel Thibault wrote:
>>> Ian Jackson, on Wed 10 Aug 2016 13:45:05 +0100, wrote:
>>>> Adam D. Barratt writes ("Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild"):
>>>>> [explanation]
>>>>
>>>> Thanks.
>>>>
>>>> I don't know what side of this (one) line such a proposed gpg change
>>>> falls.  I still think it's unsatisfactory that our stable release has
>>>> a default behaviour which cannot be used safely.
>>>
>>> Well, I'd argue that 64bit IDs are not safe either, they have not been
>>> made to be.
>>
>> Can we even consider key fingerprints safe in the long run?
> 
> Well, I'd say that in the end people *have* to cryptographically check
> the signatures, and not trust fingerprints.

Every key signing I've done so far has relied on verifying that the
fingerprint matches in some way or another.

> Thinking about it, I'd say we could even instead *shorten* the default
> ID to 16bit, so that people will hopefully simply just not trust them at
> all. For practical uses, 16bit hashing is enough to manage one's public
> keyring.

>From my experience with how UX works in practice, I think this will
not work at all and be rather counter-productive. I think Ian's
proposal to use 64bit for now as a stop-gap measure is actually
the best short-term solution to increase security.

Regards,
Christian

Reply to:

References:
- Re: Key collisions in the wild
  - From: Samuel Thibault <sthibault@debian.org>
- use long keyid-format in gpg.conf (Re: Key collisions in the wild
  - From: Holger Levsen <holger@layer-acht.org>
- use long keyid-format in gpg.conf (Re: Key collisions in the wild
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
  - From: Samuel Thibault <sthibault@debian.org>
- Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
  - From: Christian Seiler <christian@iwakd.de>
- Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
  - From: Samuel Thibault <sthibault@debian.org>

Prev by Date: Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
Next by Date: Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
Previous by thread: Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
Next by thread: Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
Index(es):
- Date
- Thread