Updated OpenPGP Security (markdown)
parent
b5c74b3f78
commit
60ca894a9c
|
@ -52,7 +52,9 @@ No real argument here. Just shows that OpenPGP is complex.
|
|||
TODO: Yes we must do this. Important TODO
|
||||
|
||||
## No support for Image Attribute Subpackets
|
||||
In about 99% of all use cases there are better photos to be found in Android's contact database. Photos are displayed only if a key has been confirmed, otherwise this could lead the user into a false sense of security.
|
||||
In about 99% of all use cases there are better photos to be found in Android's contact database. Photos from Android's contact database are displayed only if a key has been confirmed, otherwise this could lead the user into a false sense of security. It is also not clear what a certification of an Image Attribute Subpacket would semantically mean. This is not specified in RFC 4880. Other applications such as [Kleopatra](https://www.kde.org/applications/utilities/kleopatra/) also doesn't support this subpackets.
|
||||
|
||||
|
||||
|
||||
## Key IDs aren't displayed
|
||||
* Short key IDs (last 32 bits of the key's fingerprint) are trivially to replicate via a [preimage attack](https://en.wikipedia.org/wiki/Preimage_attack).
|
||||
|
|
Loading…
Reference in New Issue