Package: signing-party
Version: 2.3-1
Severity: wishlist
File: /usr/bin/caff
Usertags: openpgp short-keyid

caff currently allows users to pass short key IDs on the command-line. In order to avoid people signing keys without checking the fingerprint matches, it would be great if caff were to require the full fingerprint on the command-line, unless a --unsafe option is enabled.

The 32-bit subset of the fingerprint known as a short key ID has long been considered to be insecure and this has been now shown to be the case:

http://gwolf.org/node/4070
http://evil32.com/

--
bye,
pabs

https://wiki.debian.org/PaulWise
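
The check requested in the report above, sketched as an added example (not caff's own code, which is Perl, and not part of the original report). It assumes OpenPGP v4 fingerprints of 40 hex digits; the function names and the sample fingerprints are constructed for illustration, and `unsafe` stands in for the proposed --unsafe option.

```python
import re

# Assumption: OpenPGP v4 fingerprints, i.e. 160 bits written as 40 hex digits.
KINDS = {40: "fingerprint", 16: "long-keyid", 8: "short-keyid"}

def normalize(spec):
    """Strip whitespace and an optional 0x prefix, upper-case the hex digits."""
    s = re.sub(r"\s+", "", spec)
    if s.lower().startswith("0x"):
        s = s[2:]
    return s.upper()

def classify(spec):
    """Return 'fingerprint', 'long-keyid', 'short-keyid' or 'invalid'."""
    s = normalize(spec)
    if not re.fullmatch(r"[0-9A-F]+", s):
        return "invalid"
    return KINDS.get(len(s), "invalid")

def short_keyid(fingerprint):
    """The short key ID is only the low 32 bits of the fingerprint."""
    return normalize(fingerprint)[-8:]

def check_args(specs, unsafe=False):
    """Return normalized key specs, refusing key IDs unless unsafe is set."""
    accepted = []
    for spec in specs:
        kind = classify(spec)
        if kind == "invalid":
            raise ValueError(f"{spec!r} is not a key ID or fingerprint")
        if kind != "fingerprint" and not unsafe:
            raise ValueError(
                f"{spec!r} is a {kind}; pass the full fingerprint or use --unsafe")
        accepted.append(normalize(spec))
    return accepted

# Constructed sample fingerprints (not real keys): they differ everywhere
# except the last eight digits, so both match the same short key ID.
FPR_A = "0123 4567 89AB CDEF 0123  4567 89AB CDEF DEAD BEEF"
FPR_B = "FEDCBA9876543210FEDCBA9876543210DEADBEEF"

if __name__ == "__main__":
    print(short_keyid(FPR_A), short_keyid(FPR_B))
    print(check_args([FPR_A]))
    try:
        check_args(["0xDEADBEEF"])
    except ValueError as err:
        print("refused:", err)
```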