[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild

On 10/08/16 15:19, Samuel Thibault wrote:
> Ian Jackson, on Wed 10 Aug 2016 13:45:05 +0100, wrote:
>> Adam D. Barratt writes ("Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild"):
>>> [explanation]
>> Thanks.
>> I don't know what side of this (one) line such a proposed gpg change
>> falls.  I still think it's unsatisfactory that our stable release has
>> a default behaviour which cannot be used safely.
> Well, I'd argue that 64bit IDs are not safe either, they have not been
> made to be.
> Samuel

Upstream has introduced -keyid-format=none which shows the full fingerprint,
and then made it the default.

Issue: [default to --with-fingerprint, introduce --without-fingerprint]

Commit: [gpg: Implement --keyid-format=none.]

Commit: [gpg: Use --keyid-format=none by default.]

This seems much safer than 64bit IDs.

Maybe a backport of this is feasible?

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: