Package: enigmail Version: 2:1.9.8.1-1~deb9u1 Severity: important Tags: security
When clicking on "Download missing keys" in the "Enigmail Key Selection" window, a new window "Download OpenPGP Keys" appears. It shows the columns, "Account / User ID", "Created", and "Key ID". Unfortunately, the latter shows only short Key IDs, which should not be used anywhere, because they are too easy to forge. This can affect the privacy of conversation, if accidently a forged key is selected, based on short Key ID only. Please use at least the long Key ID or, mabye better, even the complete fingerprint. This affects all uses of the short Key ID, whereever it might appear. _______________________________________________ Pkg-mozext-maintainers mailing list Pkg-mozext-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers
