Updated OpenPGP Security (markdown)

Dominik Schürmann 2015-09-29 10:30:21 +02:00
parent b5c74b3f78
commit 60ca894a9c
1 changed files with 3 additions and 1 deletions

@ -52,7 +52,9 @@ No real argument here. Just shows that OpenPGP is complex.
TODO: Yes we must do this. Important TODO
## No support for Image Attribute Subpackets
In about 99% of all use cases there are better photos to be found in Android's contact database. Photos are displayed only if a key has been confirmed, otherwise this could lead the user into a false sense of security.
In about 99% of all use cases there are better photos to be found in Android's contact database. Photos from Android's contact database are displayed only if a key has been confirmed, otherwise this could lead the user into a false sense of security. It is also not clear what a certification of an Image Attribute Subpacket would semantically mean. This is not specified in RFC 4880. Other applications such as [Kleopatra](https://www.kde.org/applications/utilities/kleopatra/) also doesn't support this subpackets.
## Key IDs aren't displayed
* Short key IDs (last 32 bits of the key's fingerprint) are trivially to replicate via a [preimage attack](https://en.wikipedia.org/wiki/Preimage_attack).
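Review bot: The last sentence of the rewritten paragraph under "No support for Image Attribute Subpackets" has agreement errors: "also doesn't support this subpackets" should read "also don't support these subpackets". In the same paragraph, the statement that the meaning of such a certification is "not specified in RFC 4880" would be easier to verify with a pointer to the section of the RFC that was checked. The Kleopatra link also goes to the application's home page rather than to anything that documents the missing support. The new wording "Photos from Android's contact database are displayed only if a key has been confirmed" is a useful clarification, but consider splitting the sentence before "otherwise" so it is clear that the false sense of security refers to showing photos for unconfirmed keys.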