use full gpg fingerprint

der.hans PLUGd at LuftHans.com
Thu Jun 9 09:48:38 MST 2016


moin moin,

we've known that collisions could happen on short key ID for pgp/gpg, now
we have some collisions in the wild and at least one tool is using short
key IDs to find (un)trust(worthy) paths between keys.

http://gwolf.org/node/4070

SCaLE uses the full fingerprint for key-signing parties. PLUG does as
well. In my experience that's always been expected.

Adjust your config to make sure WoT checks also use full fingerprint.

ciao,

der.hans
-- 
#  http://www.LuftHans.com/        http://www.PhxLinux.org/
#  "Just because it can be exploited doesn't mean it's a weakness" -- der.hans


More information about the PLUG-discuss mailing list