From: Ingo Klöcker
Date: Fri, 01 Mar 2024 16:06:09 +0000
To: gnupg-users
Subject: Re: On the security of ~/.password-store/.gpg-id [was: Re: Second OpenPGP-card]
Message-Id: <1883763.tdWV9SEqCh () daneel>
In-Reply-To: <87plwf81ih.fsf@fifthhorseman.net>
X-MARC-Message: https://marc.info/?l=gnupg-users&m=170931171416292

On Thursday, 29 February 2024 21:21:42 CET Daniel Kahn Gillmor wrote:
> human-readable names for certificates. But i don't see how to use that
> safely while dealing with GnuPG's risky implementation choices here.

Allowing recipients to be specified by email address (or some other part of a user ID) was inherited from PGP. And I guess it's part of the reason for the success of PGP (and GnuPG) that one could specify keys of recipients by email addresses instead of by hard to remember key IDs (when those could still be considered unique) or by impossible to remember fingerprints (or by file name as sequoia-pgp seems to prefer).

Calling this a risky implementation choice of GnuPG is ridiculous. If anything then it's a risky implementation choice of pass to allow using anything other than a fingerprint in ~/.password-store/.gpg-id.

Regards,
Ingo
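An audit for the condition this message discusses, added here as an example and not taken from the message, from pass, or from GnuPG: it reports every entry in a .gpg-id file that is not a full fingerprint. The function names are hypothetical, the sample file is constructed, and it assumes 40-hex-digit (v4) fingerprints and that `#` starts a comment in .gpg-id.

```shell
#!/bin/sh
# Added example: flag .gpg-id entries that are not full 40-hex-digit
# OpenPGP fingerprints. Function names are hypothetical.

# classify_gpg_id ENTRY -> prints fingerprint | keyid | userid
classify_gpg_id() {
    entry=${1%\!}                      # gpg allows a trailing '!' on key IDs/fingerprints
    case $entry in 0x*|0X*) entry=${entry#??} ;; esac
    case $entry in
        ''|*[!0-9A-Fa-f]*) echo userid; return 0 ;;
    esac
    case ${#entry} in
        40)   echo fingerprint ;;
        8|16) echo keyid ;;            # short/long key IDs are not unique
        *)    echo userid ;;           # would be matched against user IDs
    esac
}

# audit_gpg_id FILE -> reports each non-fingerprint entry; status 0 only if none
audit_gpg_id() {
    bad=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=${line%%#*}               # assumption: '#' starts a comment
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$line" ] || continue
        kind=$(classify_gpg_id "$line")
        if [ "$kind" != fingerprint ]; then
            printf '%s:%d: %s, not a fingerprint: %s\n' "$1" "$lineno" "$kind" "$line"
            bad=$((bad + 1))
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# Constructed sample file; on a real system pass the path to your own .gpg-id.
sample=$(mktemp)
cat > "$sample" <<'EOF'
0123456789ABCDEF0123456789ABCDEF01234567
alice@example.org
0xDEADBEEF   # short key ID
EOF
audit_gpg_id "$sample" || echo "unsafe recipient entries found"
rm -f "$sample"
```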