[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] 32-bit (short ID) collisions: New milestone(?) reached
|
From: |
Kristian Fiskerstrand |
|
Subject: |
Re: [Sks-devel] 32-bit (short ID) collisions: New milestone(?) reached |
|
Date: |
Sat, 4 Jun 2016 00:48:03 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 |
On 06/04/2016 12:43 AM, Gunnar Wolf wrote:
> Hi all,
..
>
> And the main reason I am writing this mail: SKS listings all show this
> 32-bit ID only. It does differentiate when keys collide on their short
> keyids, but it promotes users using a weak representation; IMO we
> should change SKS to show either long keyids or the full fingerprint.
>
You can't trust the output from keyservers for this data to begin with,
so at this point it is moot, you need to download the key in question
and perform your own calculation of the fingerprint as part of a
bilateral exchange of information out of band to validate the key.
PS, although the short keyid is used in listing, the 64 bit long keyid
is used for cross-references, this is a convenience factor and not
related to any security (as keyservers doesn't provide any, users have to)
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP certificate at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"We all die. The goal isn't to live forever, the goal is to create
something that will."
(Chuck Palahniuk)
signature.asc
Description: OpenPGP digital signature