sks-devel

[Sks-devel] Long keyids (64-bit) instead of short (32-bit)?


From: Gunnar Wolf
Subject: [Sks-devel] Long keyids (64-bit) instead of short (32-bit)?
Date: Wed, 25 Jan 2017 13:04:03 -0600
User-agent: Mutt/1.5.23 (2014-03-12)

Hi,

When queried for a key, SKS answers with just the short keyid — Just
32 bits. In my case, just "C1DB921F". We have already been "attacked"
(each of us will say whether it's a true attack or just an academic
exercise) by the Evil32 keyring.

Even more, as keys are presented in reverse creation time order,
naturally, Evil32 keys are always presented before the keys they
"cloned". Fortunately, yes, they have all been revoked.

Anyway — I was looking for a way to make SKS present 64-bit long
keyids (say, 673A03E4C1DB921F) instead of only 32-bit ones — Not only
for the two keys to be clearly different, but to help get our users to
change their mindset and identify long keyids as the default. I know
that is still not optimal and that there is a long discussion in that
regard, but it is clearly better than an easily forgeable 32-bit ID.

Any ideas on how to do this? Is it a configurable option even (or
should we expect this change only for a new release)?

Thanks!

Attachment: signature.asc
Description: Digital signature
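
An added illustration, not part of the original message and not SKS code: for V4 keys the long and short keyids are the low-order 64 and 32 bits of the fingerprint, so a listing can be checked for distinct keys that share a short keyid. The sample fingerprints are constructed; only the trailing 673A03E4C1DB921F is taken from the message above.

```python
import hashlib
from collections import defaultdict

HEX = set("0123456789ABCDEF")

def v4_fingerprint(pubkey_packet_body: bytes) -> str:
    """V4 fingerprint per RFC 4880 sec. 12.2: SHA-1 over the octet 0x99,
    a 2-byte big-endian length, then the public-key packet body."""
    header = b"\x99" + len(pubkey_packet_body).to_bytes(2, "big")
    return hashlib.sha1(header + pubkey_packet_body).hexdigest().upper()

def long_keyid(fpr: str) -> str:
    return fpr[-16:]  # low-order 64 bits of the fingerprint

def short_keyid(fpr: str) -> str:
    return fpr[-8:]   # low-order 32 bits of the fingerprint

def short_id_collisions(fingerprints):
    """Map each short keyid shared by more than one distinct fingerprint
    to the sorted long keyids of the keys that share it."""
    groups = defaultdict(set)
    for raw in fingerprints:
        fpr = raw.replace(" ", "").upper()
        if len(fpr) != 40 or not set(fpr) <= HEX:
            raise ValueError(f"not a 160-bit V4 fingerprint: {raw!r}")
        groups[short_keyid(fpr)].add(fpr)
    return {
        sid: sorted(long_keyid(f) for f in fprs)
        for sid, fprs in groups.items()
        if len(fprs) > 1
    }

# Constructed sample listing. The leading 24 hex digits of every entry are
# made up, and 00000000C1DB921F is a placeholder long keyid, not a real key.
SAMPLE = [
    "0123456789ABCDEF01234567" + "673A03E4C1DB921F",
    "FEDCBA9876543210FEDCBA98" + "00000000C1DB921F",
    "111111111111111111111111" + "2222222233333333",
]

if __name__ == "__main__":
    for sid, longs in short_id_collisions(SAMPLE).items():
        print(f"short keyid {sid} is ambiguous; long keyids: {', '.join(longs)}")
```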

