[Pkg-mozext-maintainers] Bug#873926: enigmail: show short Key ID, where it should be long Key ID or fingerprint

W. Martin Borgert debacle at debian.org
Fri Sep 1 09:48:37 UTC 2017


Package: enigmail
Version: 2:1.9.8.1-1~deb9u1
Severity: important
Tags: security

When clicking on "Download missing keys" in the "Enigmail Key
Selection" window, a new window "Download OpenPGP Keys" appears. It
shows the columns, "Account / User ID", "Created", and "Key ID".
Unfortunately, the latter shows only short Key IDs, which should
not be used anywhere, because they are too easy to forge. This can
affect the privacy of conversation, if accidently a forged key is
selected, based on short Key ID only.

Please use at least the long Key ID or, mabye better, even the
complete fingerprint. This affects all uses of the short Key ID,
whereever it might appear.



More information about the Pkg-mozext-maintainers mailing list