-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 02/25/2016 02:38 PM, Peter Lebbing wrote: > (If this feels like droning on to you, just stop reading and go do > something fun!) > > On 2016-02-25 14:25, Kristian Fiskerstrand wrote: >> Now, the real question discussed here though isn't really >> collission but preimage attack, that is a different story and far >> more difficult :) > > Thanks for the link! But my approach to it wasn't really from "is > it a problem in practice" but more "should this be the advice we > give" and "what's wrong with just using the fingerprint and be done > with it forever". We always tell users to use the fingerprint if > they need to be sure of authenticity. Or if I'm mistaken about > that, I think we should. >
Well, it depends. Sure, should always use full fingerprint for certificate validation etc, no question asked. But the internal keyid and the packet structure use 64 bit keyid as identifier, so using fingerprint in quite a number of other cases is more resource intensive without necessarily improving too much (in particular in cases where action from yourself is required, default key for signing etc). - -- - ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Aquila non capit muscas The eagle does not hunt flies -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJWzxTNAAoJECULev7WN52FJFsIAKiJj4s233uBIXQ8quGpD8Gz MV7QqCJwPPaxZC4OIQzIP8pDN/vGcs8diGEdwouuPOsX8Q8Y8TUMUXxzgb2HpUQD /sPk/VWneAsIe9H64nAIBMAYtObWNuTLeciy+e5coLjq0YdlpuK3sklNMS3RcQ9/ a1J9hCvpKEyFClEvlK/MY9iUXyG6TreHKfLlN606f0Ui/4em3tqJNnitrwCeYQPJ XSsLeR+G3nhGsbKE3kJWLDQjwkJvGdRkJRQqaIk21d5malJ6zXT4dHMactMKvvoF 0xEgZXkgyqyNWGNFe+DgacLhlji0KEHwinBeFsWjOZH1+mQZiuKv5gMv6scwvKk= =nhfW -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
