gpg --recv-key option

L. Sassaman rabbi@quickie.net
Fri, 24 Mar 2000 15:05:50 -0800 (PST)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Huh? What kind of security issues are you refering to? I know of no
security gained by requiring the user to open a web browser, search by the
{email,lastname,firstname,anything but the keyid}, and then paste the
keyid into the terminal and receive the key that way. It is just more work
and added hassle for the user.

By the way, the standard bit-size keyids aren't secure. Check out "gpg
- --recv-key 0xDEADBEEF" if you want an example.


- -Len.

On Fri, 24 Mar 2000, Marius Strom wrote:


> Searching by {email,lastname,firstname,anything but the keyid} is very
> susceptible to security issues, IMHO. I think taking the extra step to
> getting the KeyID is a "good thing"(tm).
>
> --
> Marius Strom <marius@alpha1.net>
> Professional Geek/Unix System Administrator
> Alpha1 Internet <http://www.alpha1.net>
> http://www.marius.org/marius.pgp 0x42C74CBA
>
> In theory, there is no difference between theory and practice...
> ...In practice, there is a big difference.
>
> On Fri, 24 Mar 2000, Jason Helfman wrote:
>
> > this is my point exactly....!!!!
> >
> > you have to know the hex. And this is not a friendly search for gpg...
> > you should be able to search by email address, last name and hex....
> >
> >
> >
> > ----- Original Message -----
> > From: "Patrick J. Lawrence" <pjlawrence@ucdavis.edu>
> > Date: Friday, March 24, 2000 1:30 pm
> > Subject: Re: gpg --recv-key option
> >
> > > > So this can't be done via the shell, if this is what I am
> > > seeing? I
> > > > know that you can do this with pgp6...
> > >
> > > Yes, you can. To get Marius' key:
> > >
> > > gpg --keyserver pgp.mit.edu --recv-keys 42C74CBA
> > >
> > > Pat
> > > --
> > > Patrick Lawrence
> > > Distributed Computing Analysis and Support
> > > University of California at Davis
> > >
> > ---
> > /helfman
> > "At any given moment, you may find the ticket to the circus that has
> > always been in your possession."
> >
> > Fingerprint: 2F76 2856 776A 3E07 9F3E 452A 17D9 9B28 D75E 0A36
> > GnuPG http://www.gnupg.org Get Private!
> >
>
__ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD8DBQE42/TVPYrxsgmsCmoRAoGkAJwJXdw7MJWg7yIqTuTLA42/HcGw7gCgnzci 6WUsDPyxQ1wDEUuH8LkRkbE= =O+oK -----END PGP SIGNATURE-----