Use full fingerprints for search and display

Issue #44 new
created an issue

Currently SKS shows short key ids when you display keys and long key ids when you search (such as <= long key id).

Unfortunately - while most users should manually check the full fingerprint and signatures of keys, this does encourage bad behavior such as trusting that the short or long key id you're looking for is the correct key.

It would be safer to display the full fingerprint at all times (and certainly to use it for searches).

If proof is needed - recently, ran a proof of concept and uploaded short key-id collisions to all keys in the strong set. Doing so for long key-id is more time consuming though not impossible, especially for single keys.

I did encounter users that blindly trusted the short keyid and wondered why the keys were revoked ( revoked all short-key ids they collided with before uploading) - if this were a real attacker, they'd have trusted the key (which again, is the user's mistake - but this is really encouraging this kind of error).

I'm leaving this with the default priority of major as I believe making this a default would greatly help users, though I'm sure there are different opinions.
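
The difference the issue describes, as an added example that is not part of the original report and is not SKS code: for OpenPGP v4 keys the long and short key IDs are the low 64 and 32 bits of the 160-bit fingerprint, so a lookup by key ID is a suffix match that can return several keys. The keyring entries and the `classify`/`lookup` helpers are constructed for illustration.

```python
import re

# Constructed 40-hex-digit v4 fingerprints (not real keys). The first two
# end in the same 8 hex digits, so they share a short key ID.
KEYRING = {
    "A1B2C3D4E5F60718293A4B5C6D7E8F9012345678": "alice@example.org (constructed)",
    "0F1E2D3C4B5A69788796A5B4C3D2E1F012345678": "alice@example.org (constructed look-alike)",
    "1111222233334444555566667777888899990000": "bob@example.org (constructed)",
}

KINDS = {8: "short key id", 16: "long key id", 40: "fingerprint"}


def classify(term):
    """Normalise a search term and say which identifier form it is."""
    digits = re.sub(r"\s+", "", term)
    if digits.lower().startswith("0x"):
        digits = digits[2:]
    digits = digits.upper()
    if not re.fullmatch(r"[0-9A-F]+", digits) or len(digits) not in KINDS:
        raise ValueError("not a key id or v4 fingerprint: %r" % term)
    return KINDS[len(digits)], digits


def lookup(term, keyring=KEYRING, require_fingerprint=True):
    """Return matching fingerprints; by default accept only a full fingerprint."""
    kind, digits = classify(term)
    if require_fingerprint and kind != "fingerprint":
        raise ValueError("refusing %s; supply the full fingerprint" % kind)
    # Key IDs are truncated fingerprints, so matching is a suffix comparison.
    return sorted(fpr for fpr in keyring if fpr.endswith(digits))


if __name__ == "__main__":
    # Permissive mode: the short key ID is ambiguous, the long one less so.
    print(lookup("0x12345678", require_fingerprint=False))
    print(lookup("0x6D7E8F9012345678", require_fingerprint=False))
    # Strict mode: only the full fingerprint is accepted.
    print(lookup("A1B2 C3D4 E5F6 0718 293A 4B5C 6D7E 8F90 1234 5678"))
```
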
