Opened 7 years ago

Closed 6 years ago

#6373 closed enhancement (wontfix)

use long gpg ids instead of short gpg ids

Reported by: proper
Owned by: phobos
Priority: Medium
Milestone:
Component: Webpages/Website
Version:
Severity:
Keywords:
Cc: proper
Actual Points:
Parent ID: #5996
Points:
Reviewer:
Sponsor:

Description

https://www.torproject.org/docs/verifying-signatures.html.en

Gpg short ids are not safe.
http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html

Instead of

gpg.exe --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x63FEE659

suggest

gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 8738A680B84B3031A630F2DB416F061063FEE659

I suppose people who do this know how to copy and paste.

This stops anyone from posting a key to the keyserver with the same short id 0x63FEE659.
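
The check this request implies, as an added example that is not part of the original ticket or of any Tor Project code: list every primary key in a keyring whose short ID is 63FEE659 and accept the result only if the single match is the full fingerprint quoted above. The function names and the sample listing are assumptions made for illustration; the second key in the sample is a constructed fingerprint, not a real key.

```shell
#!/bin/sh
# Full fingerprint and short ID quoted in the ticket.
EXPECTED_FPR=8738A680B84B3031A630F2DB416F061063FEE659
SHORT_ID=63FEE659

# Constructed sample of `gpg --with-colons --fingerprint` output. The first
# key carries the fingerprint from the ticket; the second fingerprint is
# made up (not a real key) and ends in the same 8 hex digits.
SAMPLE_LISTING='pub:-:4096:1:416F061063FEE659:1000000000:::-:::scESC:
fpr:::::::::8738A680B84B3031A630F2DB416F061063FEE659:
uid:-::::1000000000::::Constructed UID A <a@example.invalid>:
pub:-:4096:1:AAAAAAAA63FEE659:1000000001:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA63FEE659:
uid:-::::1000000001::::Constructed UID B <b@example.invalid>:'

# Read a colon-format listing on stdin and print the fingerprint of every
# primary key whose last 8 hex digits equal the short ID given as $1.
# Field 10 of an "fpr" record is the fingerprint; only the fpr record that
# directly follows a "pub" record belongs to the primary key.
fprs_for_short_id() {
    awk -F: -v id="$1" '
        $1 == "pub" { primary = 1; next }
        $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary {
            primary = 0
            fpr = toupper($10)
            if (substr(fpr, length(fpr) - 7) == toupper(id)) print fpr
        }'
}

# usage: check_short_id SHORT_ID EXPECTED_FPR < listing
# Succeeds only when exactly one primary key matches the short ID and its
# full fingerprint is the expected one. A second key with the same short ID,
# or no matching key at all, makes the check fail.
check_short_id() {
    matches=$(fprs_for_short_id "$1")
    [ "$matches" = "$2" ]
}

# Stand-alone demonstration on the constructed sample: two fingerprints
# share the short ID, so the check reports a mismatch.
printf '%s\n' "$SAMPLE_LISTING" | fprs_for_short_id "$SHORT_ID"
if printf '%s\n' "$SAMPLE_LISTING" | check_short_id "$SHORT_ID" "$EXPECTED_FPR"; then
    echo "only the expected key matches $SHORT_ID"
else
    echo "short ID $SHORT_ID does not uniquely identify the expected key"
fi
```

Against a real keyring, pipe `gpg --with-colons --fingerprint` into `check_short_id` in place of the sample listing.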

Change History (3)

comment:1 Changed 7 years ago by phobos

As a safety, we do list the entire fingerprint of the keys on that page.

comment:2 Changed 7 years ago by proper

Parent ID: #5996

comment:3 Changed 6 years ago by phobos

Resolution: wontfix
Status: new → closed

The full fingerprint is there. If someone is really excited to do this, please submit a patch.