[pkg-gnupg-maint] Bug#826273: Bug#826273: Bug#826273: gnupg2: Defaults to using insecure short key IDs (32 bits)

Werner Koch wk at gnupg.org
Sat Jun 4 08:59:27 UTC 2016


On Fri,  3 Jun 2016 23:06, dkg at fifthhorseman.net said:

> I've repeatedly suggested to upstream that we should change this default
> (in the software, not just in gpg-conf.skel), but it hasn't happened
> yet.  see the changes i've posted here:

Although parsing of the human readable output of gpg is strongly
discouraged, I know that a lot of scripts do it anyway.  Breaking the
default format will thus break the scripts.  Whether this is good or bad
would trigger a long discussion.

The default format in 2.1 has changed anyway, thus we are free to
further change it.  This will definitely happen before we release 2.2.
I do not plan to change the _default_ format for 1.4 or 2.0.

> So i'd actually be happier with "keyid-format none" or "keyid format
> fingerprint" [1] than with "keyid-format long" but i agree that "long"
> or "0xlong" is still superior to the current situation.
 
The long format can be justified because that is what the OpenPGP
protocol uses at some places.  (A historical reason for showing the keyid
and the fingerprint is that the keyid of PGP-2 keys (v3 keys) cannot be
derived from a v3 fingerprint.)


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
    /* Single-family house in Erkrath: https://alt-hochdahl.de/haus */
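
As an added illustration of the points in this message (not code from GnuPG or from anyone in the thread): a script that reads gpg's colon-delimited listing (`--with-colons`) rather than the human-readable one and identifies keys by fingerprint, so a change to the default keyid-format does not affect it. The sample listing is constructed, with two made-up fingerprints that share their low 32 bits; field positions are taken from GnuPG's doc/DETAILS.

```python
from collections import defaultdict

# Constructed sample in the shape of `gpg --with-colons --list-keys` output.
# Both fingerprints are made up and chosen to share their low 32 bits.
SAMPLE = """\
pub:u:4096:1:89ABCDEF01234567:1464998367:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1464998367::::Alice Example <alice@example.org>:
pub:-:4096:1:7654321001234567:1464998400:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA987654321001234567:
uid:-::::1464998400::::Alice Example <alice@example.org>:
"""


def parse_primary_keys(listing):
    """Return one dict per primary key: long key ID, fingerprint, user IDs."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "fpr": None, "uids": []})
        elif f[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]  # first fpr record after pub is the primary key's
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
    return keys


def keyid_views(fpr):
    """For a v4 key, the long/short key IDs are the low 64/32 bits of the fingerprint."""
    if len(fpr) != 40:
        raise ValueError("not a v4 fingerprint; the key ID cannot be derived from it")
    return fpr[-16:], fpr[-8:]


def ambiguous_short_ids(keys):
    """Map each short key ID shared by more than one key to those fingerprints."""
    by_short = defaultdict(list)
    for k in keys:
        by_short[k["fpr"][-8:]].append(k["fpr"])
    return {s: fprs for s, fprs in by_short.items() if len(fprs) > 1}


if __name__ == "__main__":
    keys = parse_primary_keys(SAMPLE)
    for k in keys:
        print(k["fpr"], k["keyid"], k["uids"])
    print("ambiguous short IDs:", ambiguous_short_ids(keys))
```
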


