www-infrastructure-issues mailing list archives

From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Created] (INFRA-12041) id.apache.org should insist on full fingerprints
Date Sat, 04 Jun 2016 12:29:59 GMT
Sebb created INFRA-12041:
----------------------------

             Summary: id.apache.org should insist on full fingerprints
                 Key: INFRA-12041
                 URL: https://issues.apache.org/jira/browse/INFRA-12041
             Project: Infrastructure
          Issue Type: Improvement
          Components: Selfserve
            Reporter: Sebb


The id.apache.org service currently allows just about anything in the asf-pgpKeyFingerprint field.

Since 32-bit short keys have been shown to be non-unique, and spoofable [1], the service should only allow fingerprints.

[1] http://gwolf.org/node/4070



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
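
The check this issue asks for, sketched as an added example (not code from id.apache.org or from the reporter). It assumes a full fingerprint means a 40-hex-digit OpenPGP v4 fingerprint; `normalize_fingerprint`, `check_submissions` and the sample values are hypothetical and constructed for illustration.

```python
import re

# Assumption: "full fingerprint" means an OpenPGP v4 fingerprint,
# a 160-bit SHA-1 value written as 40 hex digits.
V4_FPR_HEX_LEN = 40
KEY_ID_LENGTHS = {8: "32-bit short key ID", 16: "64-bit long key ID"}

class FingerprintError(ValueError):
    """Raised when a submitted value is not a full v4 fingerprint."""

def normalize_fingerprint(value: str) -> str:
    """Return the canonical 40-digit upper-case fingerprint or raise."""
    # gpg prints fingerprints in space-separated groups and some tools
    # use colons; strip those separators and an optional 0x prefix.
    compact = re.sub(r"[\s:]", "", value)
    if compact[:2].lower() == "0x":
        compact = compact[2:]
    if not compact:
        raise FingerprintError("empty value")
    if not re.fullmatch(r"[0-9A-Fa-f]+", compact):
        raise FingerprintError("not a hexadecimal string")
    if len(compact) in KEY_ID_LENGTHS:
        raise FingerprintError(f"{KEY_ID_LENGTHS[len(compact)]}, not a fingerprint")
    if len(compact) != V4_FPR_HEX_LEN:
        raise FingerprintError(f"{len(compact)} hex digits, expected {V4_FPR_HEX_LEN}")
    return compact.upper()

def check_submissions(values):
    """Map each submitted value to (accepted, canonical form or reason)."""
    results = {}
    for v in values:
        try:
            results[v] = (True, normalize_fingerprint(v))
        except FingerprintError as exc:
            results[v] = (False, str(exc))
    return results

# Constructed sample inputs (not real keys).
SAMPLES = [
    "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567",
    "0x0123456789abcdef0123456789abcdef01234567",
    "89ABCDEF",
    "0x0123456789ABCDEF",
    "see keyserver",
]

if __name__ == "__main__":
    for value, (ok, detail) in check_submissions(SAMPLES).items():
        print("ACCEPT" if ok else "REJECT", repr(value), "->", detail)
```

Storing the normalized form means later comparisons against a key's computed fingerprint are exact string matches rather than suffix matches on a key ID.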
