[PATCH] Disable importing V3 public keys from keyservers
David Leon Gil
coruus at gmail.com
Fri Oct 10 15:00:24 CEST 2014
On Fri, Oct 10, 2014 at 2:33 AM, Nicholas Cole <nicholas.cole at gmail.com> wrote:
> What's the thinking behind this patch?
There's little point in having a filter for long keyids if GnuPG will
import V3 keys from a keyserver; V3 long (and short) keyids are
trivially spoofable. (The 0xdeadbeef "attack".)
V3 keys make up fewer than 3% of the keys in SKS and are mostly very,
very old. A patch with slightly less impact: Only allow V3 keys if a
V3 fingerprint is given.
More information about the Gnupg-devel
mailing list