use full gpg fingerprint
der.hans
PLUGd at LuftHans.com
Thu Jun 9 09:48:38 MST 2016
moin moin,
we've known that collisions could happen on short key ID for pgp/gpg, now
we have some collisions in the wild and at least one tool is using short
key IDs to find (un)trust(worthy) paths between keys.
http://gwolf.org/node/4070
SCaLE uses the full fingerprint for key-signing parties. PLUG does as
well. In my experience that's always been expected.
Adjust your config to make sure WoT checks also use full fingerprint.
ciao,
der.hans
--
# http://www.LuftHans.com/ http://www.PhxLinux.org/
# "Just because it can be exploited doesn't mean it's a weakness" -- der.hans
More information about the PLUG-discuss
mailing list