[Pkg-gnupg-maint] Bug#725411: gnupg: gpg blindly imports keys from keyserver responses

Paul Wise pabs at debian.org
Sat Aug 23 17:00:39 UTC 2014


In addition to the user expectations issues Andrew mentions, it isn't
too hard to imagine attacks that take advantage of colliding key-ids,
blind key imports by gpg and tools/users that only look at key-ids.

http://www.asheesh.org/note/debian/short-key-ids-are-bad-news

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
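
Added example (not part of the original message, and not GnuPG's own code): a check that could run over a keyserver response before import, rejecting any primary key whose full fingerprint differs from the one requested, even when its short key id matches. The function names and the sample listing are constructed for illustration; the listing follows the `gpg --with-colons` record layout.

```python
import re

# Constructed sample: colon listing of a keyserver response holding two keys.
# Both fingerprints are made up and share the same last 8 hex digits
# (the short key id), which is the collision case discussed above.
SAMPLE_LISTING = """\
pub:-:4096:1:1111222233334444:1300000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111222233334444:
uid:-::::1300000000::::Constructed User <user@example.org>:
sub:-:4096:1:5555666677778888:1300000000::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB5555666677778888:
pub:-:4096:1:9999000033334444:1400000000:::-:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC9999000033334444:
uid:-::::1400000000::::Constructed User <user@example.org>:
"""


def normalize_fingerprint(value):
    """Return 40 upper-case hex digits, or raise ValueError for anything shorter."""
    fpr = re.sub(r"\s+", "", value).upper()
    if fpr.startswith("0X"):
        fpr = fpr[2:]
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("need a full 40-hex-digit fingerprint, not a key id")
    return fpr


def primary_fingerprints(listing):
    """Yield the fingerprint of each primary key (fpr record after a pub record)."""
    record = None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            record = fields[0]
        elif fields[0] == "fpr" and record == "pub" and len(fields) > 9:
            yield fields[9].upper()  # field 10 of an fpr record is the fingerprint
            record = None


def check_response(listing, requested):
    """Split returned primary keys into (matching, unexpected) by full fingerprint."""
    wanted = normalize_fingerprint(requested)
    found = list(primary_fingerprints(listing))
    matching = [f for f in found if f == wanted]
    unexpected = [f for f in found if f != wanted]
    return matching, unexpected
```

A caller would import only when `matching` holds exactly one key and `unexpected` is empty, and would treat a non-empty `unexpected` list as a response to discard and log.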