From: Molly de Blanc <molly@fsf.org>
Date: Fri, 15 Jun 2018 17:09:20 +0000 (-0400)
Subject: updated text around 8 digit key ids and full fingerprints, as well as the current... 
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=129ed1e39ece6ed0a5f6f4ba77eb21fbd942045e;p=enc.git

updated text around 8 digit key ids and full fingerprints, as well as the current version of enigmail.
---

diff --git a/en/index.html b/en/index.html
index b35804af..d4ff40cd 100644
--- a/en/index.html
+++ b/en/index.html
@@ -238,7 +238,7 @@ so, skip this step.</p>
 <p>If not, search "Enigmail" with the search bar in the upper right. You
 can take it from here. Restart your email program when you're done.</p>
 
-<p>Enigmail versions prior to 2.0.6 have serious security issues. Make sure to install version 2.0.6 or later. The current version is 2.0.6.1.</p>
+<p>Enigmail versions prior to 2.0.6 have serious security issues. Make sure to install version 2.0.6 or later.</p>
 
 <!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
 <div class="troubleshooting">
@@ -833,15 +833,15 @@ and choosing Key Properties. It's good practice to share your fingerprint
 wherever you share your email address, so that people can double-check that
 they have the correct public key when they download yours from a keyserver.</p>
 
-<p class="notes">You may also see public keys referred to by their key ID,
-which is simply the last eight digits of the fingerprint, like C09A61E8 for
-Edward. The key ID is visible directly from the Key Management window. This
-key ID is like a person's first name (it is a useful shorthand but may not be
-unique to a given key), whereas the fingerprint actually identifies the key
-uniquely without the possibility of confusion. If you only have the key ID,
-you can still look up the key (as well as its fingerprint), like you did in
-Step 3, but if multiple options appear, you'll need the fingerprint of the
-person to whom you are trying to communicate to verify which one to use.</p>
+<p class="notes">You may also see public keys referred to by a shorter
+key ID. This key ID is visible directly from the Key Management
+window. These eight character key IDs were previously used for
+identification, which used to be safe, but is no longer reliable. You
+need to check the full fingerprint as part of verifying you have the
+correct key for the person you are trying to contact. Spoofing, in
+which someone intentionally generates a key with a fingerprint whose
+final eight characters are the same as another, is unfortunately
+common.</p>
 
 </div><!-- End .main -->
 </div><!-- End #step-identify_keys .step-->
diff --git a/en/mac.html b/en/mac.html
index af177317..c2727ba9 100644
--- a/en/mac.html
+++ b/en/mac.html
@@ -241,7 +241,7 @@ so, skip this step.</p>
 <p>If not, search "Enigmail" with the search bar in the upper right. You
 can take it from here. Restart your email program when you're done.</p>
 
-<p>Enigmail versions prior to 2.0.6 have serious security issues. Make sure to install version 2.0.6 or later. The current version is 2.0.6.1.</p>
+<p>Enigmail versions prior to 2.0.6 have serious security issues. Make sure to install version 2.0.6 or later.</p>
 
 <!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
 <div class="troubleshooting">
@@ -822,15 +822,15 @@ and choosing Key Properties. It's good practice to share your fingerprint
 wherever you share your email address, so that people can double-check that
 they have the correct public key when they download yours from a keyserver.</p>
 
-<p class="notes">You may also see public keys referred to by their key ID,
-which is simply the last eight digits of the fingerprint, like C09A61E8 for
-Edward. The key ID is visible directly from the Key Management window. This
-key ID is like a person's first name (it is a useful shorthand but may not be
-unique to a given key), whereas the fingerprint actually identifies the key
-uniquely without the possibility of confusion. If you only have the key ID,
-you can still look up the key (as well as its fingerprint), like you did in
-Step 3, but if multiple options appear, you'll need the fingerprint of the
-person to whom you are trying to communicate to verify which one to use.</p>
+<p class="notes">You may also see public keys referred to by a shorter
+key ID. This key ID is visible directly from the Key Management
+window. These eight character key IDs were previously used for
+identification, which used to be safe, but is no longer reliable. You
+need to check the full fingerprint as part of verifying you have the
+correct key for the person you are trying to contact. Spoofing, in
+which someone intentionally generates a key with a fingerprint whose
+final eight characters are the same as another, is unfortunately
+common.</p>
 
 </div><!-- End .main -->
 </div><!-- End #step-identify_keys .step-->
diff --git a/en/windows.html b/en/windows.html
index 3704ff18..09d2169d 100644
--- a/en/windows.html
+++ b/en/windows.html
@@ -241,7 +241,7 @@ so, skip this step.</p>
 <p>If not, search "Enigmail" with the search bar in the upper right. You
 can take it from here. Restart your email program when you're done.</p>
 
-<p>Enigmail versions prior to 2.0.6 have serious security issues. Make sure to install version 2.0.6 or later. The current version is 2.0.6.1.</p>
+<p>Enigmail versions prior to 2.0.6 have serious security issues. Make sure to install version 2.0.6 or later.</p>
 
 <!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
 <div class="troubleshooting">
@@ -813,6 +813,7 @@ type="reset" value="reset" name=".reset"></p>
 
 <h3>Identifying keys: Fingerprints and IDs</h3>
 
+
 <p>People's public keys are usually identified by their key fingerprint,
 which is a string of digits like F357AA1A5B1FA42CFD9FE52A9FF2194CC09A61E8
 (for Edward's key). You can see the fingerprint for your public key, and
@@ -822,15 +823,15 @@ and choosing Key Properties. It's good practice to share your fingerprint
 wherever you share your email address, so that people can double-check that
 they have the correct public key when they download yours from a keyserver.</p>
 
-<p class="notes">You may also see public keys referred to by their key ID,
-which is simply the last eight digits of the fingerprint, like C09A61E8 for
-Edward. The key ID is visible directly from the Key Management window. This
-key ID is like a person's first name (it is a useful shorthand but may not be
-unique to a given key), whereas the fingerprint actually identifies the key
-uniquely without the possibility of confusion. If you only have the key ID,
-you can still look up the key (as well as its fingerprint), like you did in
-Step 3, but if multiple options appear, you'll need the fingerprint of the
-person to whom you are trying to communicate to verify which one to use.</p>
+<p class="notes">You may also see public keys referred to by a shorter
+key ID. This key ID is visible directly from the Key Management
+window. These eight character key IDs were previously used for
+identification, which used to be safe, but is no longer reliable. You
+need to check the full fingerprint as part of verifying you have the
+correct key for the person you are trying to contact. Spoofing, in
+which someone intentionally generates a key with a fingerprint whose
+final eight characters are the same as another, is unfortunately
+common.</p>
 
 </div><!-- End .main -->
 </div><!-- End #step-identify_keys .step-->
diff --git a/static b/static
index c562ef69..382381e9 160000
--- a/static
+++ b/static
@@ -1 +1 @@
-Subproject commit c562ef695e44adb82ef3af768427be3d106377f1
+Subproject commit 382381e9371800516e19fdab7776d9b4a3c2a083