On 10/08/16 15:19, Samuel Thibault wrote: > Ian Jackson, on Wed 10 Aug 2016 13:45:05 +0100, wrote: >> Adam D. Barratt writes ("Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild"): >>> [explanation] >> >> Thanks. >> >> I don't know what side of this (one) line such a proposed gpg change >> falls. I still think it's unsatisfactory that our stable release has >> a default behaviour which cannot be used safely. > > Well, I'd argue that 64bit IDs are not safe either, they have not been > made to be. > > Samuel > > Upstream has introduced -keyid-format=none which shows the full fingerprint, and then made it the default. Issue: [default to --with-fingerprint, introduce --without-fingerprint] https://bugs.gnupg.org/gnupg/issue2379 Commit: [gpg: Implement --keyid-format=none.] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=b047388 Commit: [gpg: Use --keyid-format=none by default.] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7257ea2 This seems much safer than 64bit IDs. Maybe a backport of this is feasible?
Description: OpenPGP digital signature