Re: [Tails-dev] An amusing tale of indeterminism

Author: intrigeri
Date:  
To: maioral
CC: The Tails public development discussion list
Subject: Re: [Tails-dev] An amusing tale of indeterminism
maioral wrote (14 Nov 2012 17:26:24 GMT) :
> I downloaded a new Tails sign key from your site and size is
> different, as verification also is


Comparing key exports just does not work: even if only the version of
GnuPG used to export the keys changes, the result won't be the same.

So, I'm happy to teach you that your comparison process is flawed,
which is actually good news :)

You're comparing two different exports of the same key.
The first is expired, the second is not.
Which means that the second has updated self-signatures.
Which implies that exporting these two keys cannot possibly create two
files of the same size, and is highly unlikely to produce files with the
same hashes.

An easy and useful way to compare OpenPGP keys is to import them,
and compare fingerprint(s).
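
The following is an added example, not part of the original message and not Tails or GnuPG code. It shows why two exports of one key differ in size and hash while the fingerprint stays the same: a v4 fingerprint (RFC 4880, section 12.2) covers only the primary public key packet, not the self-signatures that follow it. The key material and signature bodies are constructed placeholders, and only binary (non-armored) v4 exports are assumed.

```python
import hashlib
import struct

def packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) OpenPGP export."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header: tag in low 6 bits, variable-size length
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = 1 << ltype  # length field is 1, 2 or 4 bytes
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def v4_fingerprint(export):
    """SHA-1 over 0x99, 2-byte length and body of the primary key packet (tag 6)."""
    for tag, body in packets(export):
        if tag == 6 and body[:1] == b"\x04":
            return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    raise ValueError("no v4 primary public key packet found")

def old_pkt(tag, body):  # helper for the constructed sample: old format, 2-byte length
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

# Constructed sample data, not a real key: toy key material and placeholder signatures.
KEY_BODY = b"\x04" + struct.pack(">I", 1255000000) + b"\x01\x00\x10\xc3\x55\x00\x11\x01\x00\x01"
PREFIX = old_pkt(6, KEY_BODY) + old_pkt(13, b"Constructed Example <key@example.invalid>")
EXPORT_OLD = PREFIX + old_pkt(2, b"placeholder self-signature, now expired")
EXPORT_NEW = PREFIX + old_pkt(2, b"placeholder self-signature with extended expiry")

def compare(a, b):
    return {"same_size": len(a) == len(b),
            "same_sha256": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
            "same_fingerprint": v4_fingerprint(a) == v4_fingerprint(b)}
print(compare(EXPORT_OLD, EXPORT_NEW))
```

A matching fingerprint only establishes that both files carry the same primary key; the value still has to be checked against a fingerprint obtained through a channel you trust.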