Gentoo Archives: gentoo-project

From: "Michał Górny" <mgorny@g.o>
To: gentoo-project@l.g.o
Cc: phajdan.jr@g.o
Subject: Re: [gentoo-project] let's stop using short gpg key ids, that's insecure
Date: Thu, 05 Jan 2012 18:21:09
Message-Id: 20120105192155.077e8851@pomiocik.lan
In Reply to: Re: [gentoo-project] let's stop using short gpg key ids, that's insecure by "Paweł Hajdan
On Thu, 05 Jan 2012 18:57:35 +0100
""Paweł Hajdan, Jr."" <phajdan.jr@g.o> wrote:

> On 1/2/12 6:17 PM, Michał Górny wrote: > > Insecure to what? > > It's easy to confuse keys that way. I'm not saying that it results in > an immediate compromise or that it's urgent, but if we can make it > harder to confuse keys, why not do that?
I don't say that we should or shouldn't do that. I just say that we shouldn't say it will improve any kind of 'security'.
> > The trust model of PGP is not based on key > > IDs. The short IDs are only used to let users grab our keys at will; > > and as the blog post shows, GPG handles repeating key IDs just fine. > > Do all developer keys have at least one signature of some other key? > In the absence of signatures (and how does the user verify that those > have been made by developers?), what users have is our list of short > key IDs.
And how can they verify that list? I don't think there's a reason to trust it, and I don't think most of us care about it at all. -- Best regards, Michał Górny


File name MIME type
signature.asc application/pgp-signature