[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] using full fingerprint instead of keyid for internal lin
|
From: |
Kristian Fiskerstrand |
|
Subject: |
Re: [Sks-devel] using full fingerprint instead of keyid for internal links |
|
Date: |
Tue, 8 Sep 2015 08:05:55 +0200 |
[Sent from my iPad, as it is not a secured device there are no cryptographic
keys on this device, meaning this message is sent without an OpenPGP signature.
In general you should *not* rely on any information sent over such an unsecure
channel, if you find any information controversial or un-expected send a
response and request a signed confirmation]
> On 08 Sep 2015, at 03:16, Daniel Kahn Gillmor <address@hidden> wrote:
>
> hey all--
Hi Daniel,
>
> i've noticed that sks search= pages produce internal links for get=
> pages that use key IDs instead of full fingerprints.
>
> I think that key IDs are a bad idea pretty much anywhere they show up
> [0]. Would anyone have any objection to producing internal links that
> use full fingerprints instead of key IDs?
From a security point of view a collission here doesn't matter, since the user
is anyways required to validate the key out of band and certify it before it is
used.
That said, I don't see any issue with it as long as it only touches the link to
get, if it is a broader change (e.g for all internal references) I'd be worried
about performance impact since RFC4880 uses long keyid as reference.
KF