Package: enigmail
Version: 2:
Severity: important
Tags: security

When clicking on "Download missing keys" in the "Enigmail Key
Selection" window, a new window "Download OpenPGP Keys" appears. It
shows the columns, "Account / User ID", "Created", and "Key ID".
Unfortunately, the latter shows only short Key IDs, which should
not be used anywhere, because they are too easy to forge. This can
affect the privacy of conversation, if accidently a forged key is
selected, based on short Key ID only.

Please use at least the long Key ID or, mabye better, even the
complete fingerprint. This affects all uses of the short Key ID,
whereever it might appear.

Pkg-mozext-maintainers mailing list

Reply via email to