On Thu, 05 Jan 2012 18:57:35 +0100
"Paweł Hajdan, Jr." <phajdan.jr@g.o> wrote:

> On 1/2/12 6:17 PM, Michał Górny wrote:
> > Insecure to what?
>
> It's easy to confuse keys that way. I'm not saying that it results in
> an immediate compromise or that it's urgent, but if we can make it
> harder to confuse keys, why not do that?

I don't say that we should or shouldn't do that. I just say that we
shouldn't say it will improve any kind of 'security'.

> > The trust model of PGP is not based on key
> > IDs. The short IDs are only used to let users grab our keys at will;
> > and as the blog post shows, GPG handles repeating key IDs just fine.
>
> Do all developer keys have at least one signature of some other key?
> In the absence of signatures (and how does the user verify that those
> have been made by developers?), what users have is our list of short
> key IDs.

And how can they verify that list? I don't think there's a reason to
trust it, and I don't think most of us care about it at all.

--
Best regards,
Michał Górny