FAQ maintenance

[Kristian Fiskerstrand]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 02/25/2016 02:38 PM, Peter Lebbing wrote:
> (If this feels like droning on to you, just stop reading and go do 
> something fun!)
> 
> On 2016-02-25 14:25, Kristian Fiskerstrand wrote:
>> Now, the real question discussed here though isn't really
>> collission but preimage attack, that is a different story and far
>> more difficult :)
> 
> Thanks for the link! But my approach to it wasn't really from "is
> it a problem in practice" but more "should this be the advice we
> give" and "what's wrong with just using the fingerprint and be done
> with it forever". We always tell users to use the fingerprint if
> they need to be sure of authenticity. Or if I'm mistaken about
> that, I think we should.
> 

Well, it depends. Sure, should always use full fingerprint for
certificate validation etc, no question asked. But the internal keyid
and the packet structure use 64 bit keyid as identifier, so using
fingerprint in quite a number of other cases is more resource
intensive without necessarily improving too much (in particular in
cases where action from yourself is required, default key for signing
etc).

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aquila non capit muscas
The eagle does not hunt flies
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJWzxTNAAoJECULev7WN52FJFsIAKiJj4s233uBIXQ8quGpD8Gz
MV7QqCJwPPaxZC4OIQzIP8pDN/vGcs8diGEdwouuPOsX8Q8Y8TUMUXxzgb2HpUQD
/sPk/VWneAsIe9H64nAIBMAYtObWNuTLeciy+e5coLjq0YdlpuK3sklNMS3RcQ9/
a1J9hCvpKEyFClEvlK/MY9iUXyG6TreHKfLlN606f0Ui/4em3tqJNnitrwCeYQPJ
XSsLeR+G3nhGsbKE3kJWLDQjwkJvGdRkJRQqaIk21d5malJ6zXT4dHMactMKvvoF
0xEgZXkgyqyNWGNFe+DgacLhlji0KEHwinBeFsWjOZH1+mQZiuKv5gMv6scwvKk=
=nhfW
-----END PGP SIGNATURE-----