Fingerprints and Key-IDs - Was: [PATCH] avoid publishing the GnuPG version by default
ilf
ilf at zeromail.org
Thu Aug 11 13:08:34 CEST 2016
Ben McGinnes:
> That being the case, though, why such concern for removing long or
> short? The same thing already provides what you want, except for the
> spaces and the likelihood of breaking third party code.

No user should be exposed to key-id short or long, only fingerprints.
This is the case in default 2.1.14.

But to transition away from the long-time default key-id short, we've
been telling people to use "key-id long" and "fingerprint", see
https://riseup.net/en/security/message-security/openpgp/best-practices#dont-rely-on-the-key-id

For 1.4, 2.0 and <2.1.14, this is still the way to go.

But with 2.1.14, this changes and no "key-id" and no "fingerprint" is
best. That's default, good. But that doesn't change existing configs.

So my proposal is to always add the fingerprint in the line after
key-id, regardless of that being none, short or long.

--
ilf
More than 80 million Germans don't use a console. Don't click away!
-- An initiative of the Federal Office for Keyboard Use