On 17.12.16 10:01, vv01f wrote: > On 17.12.2016 09:52, Nico wrote: >> But there is no way for me to check the full fingerprint. I first need >> to import/download the key and then i can validate it. If it would be >> shown directly with the full length, that'd be simpler and more secure. >> Another option would be to add a hover text with the full fingerprint. > > There is no such problem: > > https://pgp.mit.edu/pks/lookup?search=0x48B660CA&op=index&fingerprint=on > > just tell you want to knwo the fingerprint and the keyserver might tell > you. and later after import check another time, as the connection could > have been intercepted (X.509 and/or TLS aint perfect as well).
This is a practicable workaround. But: Enigmail claims to be a comprehensive user interface. As such, we should display at least the long key-Id or better the fingerprint instead of the short prior to importing. https://sourceforge.net/p/enigmail/bugs/316/ Ludwig
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
