In addition to the user expectations issues Andrew mentions, it isn't too hard to imagine attacks that take advantage of colliding key-ids, blind key imports by gpg and tools/users that only look at key-ids.
http://www.asheesh.org/note/debian/short-key-ids-are-bad-news

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
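As an added illustration of the risk raised in the message above (not part of the original post), this sketch scans a keyring listing for keys that share a 32-bit short key-id and refuses to resolve anything but a full fingerprint. It assumes V4 keys (40-hex fingerprints, short key-id = last 8 hex digits) and the `fpr` record layout of `gpg --with-colons --fingerprint`; the fingerprints, listing and function names are constructed for the example.

```python
from collections import defaultdict

# Constructed 40-hex fingerprints (not real keys); A and B share the low 32 bits.
FPR_A = "0123456789ABCDEF0123456789ABCDEF01234567"
FPR_B = "FEDCBA9876543210FEDCBA987654321001234567"
FPR_C = "00112233445566778899AABBCCDDEEFF89ABCDEF"

def colon_listing(fprs):
    """Build a minimal, constructed colon-format listing (pub + fpr records)."""
    lines = []
    for fpr in fprs:
        lines.append("pub:-:4096:1:" + fpr[-16:] + ":1300000000:::-:::scESC:")
        lines.append("fpr" + ":" * 9 + fpr + ":")  # fingerprint is field 10
    return "\n".join(lines)

def primary_fingerprints(listing):
    """Return the fingerprint following each pub record (subkeys are skipped)."""
    fprs, last = [], None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            last = fields[0]
        elif fields[0] == "fpr" and last == "pub" and len(fields) > 9:
            fprs.append(fields[9].upper())
            last = None
    return fprs

def short_id_collisions(fprs):
    """Map each short key-id held by more than one key to those fingerprints."""
    by_short = defaultdict(list)
    for fpr in fprs:
        by_short[fpr[-8:]].append(fpr)
    return {sid: keys for sid, keys in by_short.items() if len(keys) > 1}

def resolve(identifier, fprs):
    """Accept only a full fingerprint; short or long key-ids are rejected."""
    ident = identifier.upper().replace(" ", "").removeprefix("0X")
    if len(ident) != 40:
        raise ValueError("refusing %r: a full 40-hex fingerprint is required" % identifier)
    if ident not in fprs:
        raise KeyError("fingerprint not in keyring")
    return ident

if __name__ == "__main__":
    keys = primary_fingerprints(colon_listing([FPR_A, FPR_B, FPR_C]))
    for sid, owners in short_id_collisions(keys).items():
        print("short key-id", sid, "is shared by", owners)
```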

