Daniel Kahn Gillmor
Fri Feb 26 03:45:48 CET 2016

On Thu 2016-02-25 09:50:57 -0500, Kristian Fiskerstrand <kristian.fiskerstrand at sumptuouscapital.com> wrote:
> Well, it depends. Sure, should always use full fingerprint for
> certificate validation etc, no question asked. But the internal keyid
> and the packet structure use 64 bit keyid as identifier

I consider it a bug that GnuPG uses the 64-bit keyid as the internal
identifier, and that the packet structure uses the 64-bit keyid as well.
There's simply no justification for "saving those bits" on any modern
hardware.  We shouldn't embed the assumption that these limits will be
permanent in our documentation.

> so using fingerprint in quite a number of other cases is more resource
> intensive without necessarily improving too much (in particular in
> cases where action from yourself is required, default key for signing
> etc).

Why is it more resource intensive?  The user will be copying and pasting
this string one way or another, we should have them copy/pasting
something cryptographically strong, not something that is marginal and
only getting weaker with time.
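Added example (not part of this message, nor GnuPG's own code) showing why the
64-bit keyid is "marginal": per RFC 4880 the v4 fingerprint is a SHA-1 over the
public-key packet, and both keyids are nothing more than its trailing octets. The
key material below is constructed (an arbitrary 2048-bit value, not a real RSA
modulus) and the creation time is an assumed constant; the collision search varies
only the creation timestamp, so no new key generation is needed to make truncated
identifiers coincide.

```python
import hashlib
import struct

# Constructed sample key material (an assumption of this example, not a real
# key): an arbitrary 2048-bit "modulus" with the top bit set, the usual e=65537,
# and an assumed creation time (2016-02-26T02:45:48Z, the date of the message).
SAMPLE_N = (1 << 2047) | int.from_bytes(bytes((i * 73 + 19) & 0xFF for i in range(256)), "big")
SAMPLE_E = 65537
SAMPLE_CREATED = 1456454748


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI (RFC 4880 section 3.2):
    two-octet bit count, then the minimal big-endian byte string."""
    nbits = value.bit_length()
    return struct.pack(">H", nbits) + value.to_bytes((nbits + 7) // 8, "big")


def v4_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880 section 5.5.2):
    version octet, 4-octet creation time, algorithm octet (1 = RSA), MPIs n, e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> bytes:
    """RFC 4880 section 12.2: SHA-1 over 0x99, the two-octet body length, body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def long_keyid(fingerprint: bytes) -> bytes:
    """The 64-bit key ID is simply the low-order 8 octets of the fingerprint."""
    return fingerprint[-8:]


def short_keyid(fingerprint: bytes) -> bytes:
    """The 32-bit 'short' key ID is the low-order 4 octets, a further truncation."""
    return fingerprint[-4:]


def truncated_tail(fingerprint: bytes, bits: int) -> int:
    """The low-order `bits` bits of the fingerprint, i.e. a keyid of that width."""
    return int.from_bytes(long_keyid(fingerprint), "big") & ((1 << bits) - 1)


def find_truncated_collision(n: int, e: int, bits: int, start: int = SAMPLE_CREATED):
    """Vary only the creation timestamp (same n, e) until two timestamps give
    fingerprints agreeing in their low-order `bits` bits. The birthday bound
    makes about 2**(bits/2) trials typical; the pigeonhole principle caps it at
    2**bits + 1, so this always returns (t1, fpr1, t2, fpr2)."""
    seen = {}
    for t in range(start, start + (1 << bits) + 1):
        fpr = v4_fingerprint(v4_public_key_body(t, n, e))
        tail = truncated_tail(fpr, bits)
        if tail in seen:
            t1, fpr1 = seen[tail]
            return t1, fpr1, t, fpr
        seen[tail] = (t, fpr)
    raise AssertionError("unreachable: pigeonhole guarantees a collision")


def fmt(b: bytes) -> str:
    h = b.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))


if __name__ == "__main__":
    fpr = v4_fingerprint(v4_public_key_body(SAMPLE_CREATED, SAMPLE_N, SAMPLE_E))
    print("fingerprint :", fmt(fpr))
    print("64-bit keyid:", fmt(long_keyid(fpr)))
    print("32-bit keyid:", fmt(short_keyid(fpr)))
    for bits in (8, 16):
        t1, f1, t2, f2 = find_truncated_collision(SAMPLE_N, SAMPLE_E, bits)
        print(f"{bits}-bit tail collision after {t2 - SAMPLE_CREATED} timestamps:")
        print("  ", t1, fmt(f1))
        print("  ", t2, fmt(f2))
```

The search is a toy at 8 and 16 bits, but the cost scales the same way for the
real identifiers: a birthday collision on the 32-bit short keyid needs on the
order of 2**16 candidates, the 64-bit keyid about 2**32, while the full 160-bit
fingerprint stays out of reach. Nothing about the RSA key has to change between
trials, which is what makes the truncated forms so much weaker than the string
the user would otherwise be pasting.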


