* Paul Wise:

> In addition to the user expectations issues Andrew mentions, it isn't
> too hard to imagine attacks that take advantage of colliding key-ids,
> blind key imports by gpg and tools/users that only look at key-ids.
>
> http://www.asheesh.org/note/debian/short-key-ids-are-bad-news

The recommendation to rely on 64-bit key IDs is rather questionable
because V3 keys allow cheap construction of 64-bit key ID duplicates:

<http://www.ietf.org/mail-archive/web/openpgp/current/msg00373.html>
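
Added example, not part of the original message: a keyring audit that computes key IDs and fingerprints as RFC 4880 section 12.2 defines them for RSA keys and reports every 64-bit key ID that maps to more than one fingerprint. The `key` dictionaries, the function names and the sample integers are assumptions made for illustration; the integers are constructed stand-ins for moduli, not real keys.

```python
import hashlib
import struct
from collections import defaultdict

def mpi_body(n):
    """Big-endian magnitude of an MPI, without its two-octet bit count."""
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def mpi(n):
    """Full OpenPGP MPI: two-octet bit count followed by the magnitude."""
    return struct.pack(">H", n.bit_length()) + mpi_body(n)

def fingerprint(key):
    """key is a dict(version, created, n, e) describing an RSA public key."""
    if key["version"] == 3:
        # V3: MD5 over the MPI bodies of n and e (no length prefixes).
        return hashlib.md5(mpi_body(key["n"]) + mpi_body(key["e"])).digest()
    # V4: SHA-1 over 0x99, two-octet length, then the public-key packet body.
    body = (b"\x04" + struct.pack(">IB", key["created"], 1)  # algorithm 1 = RSA
            + mpi(key["n"]) + mpi(key["e"]))
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def key_id(key):
    if key["version"] == 3:
        # V3: the low 64 bits of the modulus itself; no hash is involved.
        return (key["n"] & (2**64 - 1)).to_bytes(8, "big")
    return fingerprint(key)[-8:]  # V4: low 64 bits of the fingerprint

def audit(keyring):
    """Return {key_id_hex: [fingerprint_hex, ...]} for ambiguous key IDs."""
    by_id = defaultdict(set)
    for key in keyring:
        by_id[key_id(key).hex()].add(fingerprint(key).hex())
    return {kid: sorted(fps) for kid, fps in by_id.items() if len(fps) > 1}

# Constructed sample values: plain integers standing in for moduli.
LOW = 0x0123456789ABCDEF
KEYRING = [
    {"version": 3, "created": 0, "n": (0xA5 << 64) | LOW, "e": 65537},
    {"version": 3, "created": 0, "n": (0x5A << 64) | LOW, "e": 65537},
    {"version": 4, "created": 1325376000, "n": (0xA5 << 64) | LOW, "e": 65537},
]

if __name__ == "__main__":
    for kid, fps in audit(KEYRING).items():
        print("ambiguous key ID", kid, "->", fps)
```

The two V3 entries share a key ID because that ID is read straight from the modulus, while the V4 entry with the same modulus gets an unrelated ID; a tool that selects keys by full fingerprint is not affected by the ambiguity the audit reports.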

