| 1 |
On Thu, 05 Jan 2012 18:57:35 +0100 |
| 2 |
""Paweł Hajdan, Jr."" <phajdan.jr@g.o> wrote: |
| 3 |
|
| 4 |
> On 1/2/12 6:17 PM, Michał Górny wrote: |
| 5 |
> > Insecure to what? |
| 6 |
> |
| 7 |
> It's easy to confuse keys that way. I'm not saying that it results in |
| 8 |
> an immediate compromise or that it's urgent, but if we can make it |
| 9 |
> harder to confuse keys, why not do that? |
| 10 |
|
| 11 |
I don't say that we should or shouldn't do that. I just say that we |
| 12 |
shouldn't say it will improve any kind of 'security'. |
| 13 |
|
| 14 |
> > The trust model of PGP is not based on key |
| 15 |
> > IDs. The short IDs are only used to let users grab our keys at will; |
| 16 |
> > and as the blog post shows, GPG handles repeating key IDs just fine. |
| 17 |
> |
| 18 |
> Do all developer keys have at least one signature of some other key? |
| 19 |
> In the absence of signatures (and how does the user verify that those |
| 20 |
> have been made by developers?), what users have is our list of short |
| 21 |
> key IDs. |
| 22 |
|
| 23 |
And how can they verify that list? I don't think there's a reason to |
| 24 |
trust it, and I don't think most of us care about it at all. |
| 25 |
|
| 26 |
-- |
| 27 |
Best regards, |
| 28 |
Michał Górny |
Archives