Question for app developers, like Enigmail etc. - Identicons

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Sun Jun 4 20:29:31 CEST 2017


On 06/04/2017 11:21 AM, Stefan Claas wrote:
> The reason why i ask, i started to use Thunderbird with Enigmail and
> Enigmail shows me always Untrusted Good Signature with a 32bit key ID,
> when i have not carefully verified the persons pub key and --lsign'ed
> the pub-key. Showing only the long key id or the complete fingerprint
> is imho more difficult to quickly memorize than an additionial shown
> identicon (computed from the fingerprint).

I'm likely missing something there, but if having a reasonable assurance
the public keyblock in question should likely be lsigned by a local
CAkey anyways? Doing a manual graphical verification doesn't seem to
provide anythin in terms of security here.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Bene diagnoscitur, bene curatur
Something that is well diagnosed can be cured well

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170604/6d9aac11/attachment-0001.sig>


More information about the Gnupg-users mailing list