
Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild



On 10/08/16 15:19, Samuel Thibault wrote:
> Ian Jackson, on Wed 10 Aug 2016 13:45:05 +0100, wrote:
>> Adam D. Barratt writes ("Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild"):
>>> [explanation]
>>
>> Thanks.
>>
>> I don't know what side of this (one) line such a proposed gpg change
>> falls.  I still think it's unsatisfactory that our stable release has
>> a default behaviour which cannot be used safely.
> 
> Well, I'd argue that 64bit IDs are not safe either, they have not been
> made to be.
> 
> Samuel
> 
> 

Upstream has introduced --keyid-format=none which shows the full fingerprint,
and then made it the default.

Issue: [default to --with-fingerprint, introduce --without-fingerprint]
https://bugs.gnupg.org/gnupg/issue2379

Commit: [gpg: Implement --keyid-format=none.]
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=b047388

Commit: [gpg: Use --keyid-format=none by default.]
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7257ea2


This seems much safer than 64bit IDs.


Maybe a backport of this is feasible?


Attachment: signature.asc
Description: OpenPGP digital signature
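
Added example, not part of the original message or of GnuPG: a check that selects a key only by its full fingerprint and reports look-alike keys that share the short ID, run over a constructed `gpg --with-colons --fingerprint` listing. It assumes V4 keys, where the key ID is the low-order bits of the fingerprint; the function names and all sample fingerprints are made up for illustration.

```python
import re

# Constructed `gpg --with-colons --fingerprint` listing. The fingerprints are
# made up; the first two keys share their last 8 hex digits (the short ID).
SAMPLE_LISTING = """\
pub:-:4096:1:1122334455667788:1400000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1122334455667788:
uid:-::::1400000000::::Constructed Developer <dev@example.org>:
pub:-:4096:1:99AABBCC55667788:1450000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456799AABBCC55667788:
uid:-::::1450000000::::Constructed Developer <dev@example.org>:
pub:-:4096:1:7777888899990000:1460000000:::-:::scESC:
fpr:::::::::1111222233334444555566667777888899990000:
uid:-::::1460000000::::Someone Else <other@example.org>:
"""

def normalize(identifier):
    """Strip spaces and an optional 0x prefix, upper-case the hex digits."""
    s = identifier.replace(" ", "").upper()
    return s[2:] if s.startswith("0X") else s

def fingerprints(listing):
    """Fingerprint of each primary key: the first fpr record after a pub record."""
    found, after_pub = [], False
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            after_pub = True
        elif fields[0] == "fpr" and after_pub and len(fields) > 9:
            found.append(fields[9].upper())  # field 10 holds the fingerprint
            after_pub = False
    return found

def by_key_id(listing, key_id):
    """Tail match, which is all a 32- or 64-bit key ID can offer (V4 keys)."""
    return [f for f in fingerprints(listing) if f.endswith(normalize(key_id))]

def check_pin(listing, pinned):
    """Return (exact matches, look-alikes sharing the short ID) for a pinned key."""
    pinned = normalize(pinned)
    if not re.fullmatch(r"[0-9A-F]{40}", pinned):
        raise ValueError("pin the full 40-hex-digit fingerprint, not a key ID")
    fprs = fingerprints(listing)
    exact = [f for f in fprs if f == pinned]
    lookalikes = [f for f in fprs if f != pinned and f[-8:] == pinned[-8:]]
    return exact, lookalikes
```

A non-empty look-alike list means a short-ID lookup on this keyring is ambiguous, so scripts and documentation should reference the key by the full fingerprint only.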

