howto secure older keys after the recent attacks
David Shaw
dshaw at jabberwocky.com
Fri Sep 11 04:52:39 CEST 2009
On Sep 10, 2009, at 5:44 PM, Philippe Cerfon wrote:
> On Thu, Sep 10, 2009 at 10:21 PM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>> I understood him to mean the "key ID" as the fingerprint of the
>> certificate's primary signing key, rather than checking each bit of the
>> certificate's primary signing key individually.
>
> I meant the fingerprint, yes.
> But now that you say it. Would it be "better" to not just check other
> keys via their fingerprint, but to really copy them (e.g. per
> USB-stick) from their owners and sign only such direct copies?
I suspect you are more in danger of being hit by meteors several times
in a row as you walk to your friend's house with the USB stick, than
you are in danger from SHA-1.
:)
David