On 12/17/2016 02:20 AM, Robert J. Hansen wrote: >> If you download keys from the keyserver you can select multiple >> identities. A very short fingerprint is shown. Why it is not a good idea >> can be found here: >> https://lkml.org/lkml/2016/8/15/445 > You have misunderstood the article you're citing. It says do not use > anything short of a full fingerprint for determining authenticity; it > says nothing about using short IDs to search the keyserver. > > Retrieve the certificate using the short ID, use the fingerprint to > verify it, and if the fingerprint doesn't check out inform the > certificate owner there's something amiss. > > _______________________________________________ > enigmail-users mailing list > [email protected] > To unsubscribe or make changes to your subscription click here: > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
But there is no way for me to check the full fingerprint. I first need to import/download the key and then i can validate it. If it would be shown directly with the full length, that'd be simpler and more secure. Another option would be to add a hover text with the full fingerprint. _______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
