"Daniel A. Nagy" <> Fri, 18 February 2011 00:32 UTC

Received: from (localhost []) by (8.14.4/8.14.3) with ESMTP id p1I0W00U039408 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 17 Feb 2011 17:32:00 -0700 (MST) (envelope-from
Received: (from majordom@localhost) by (8.14.4/8.13.5/Submit) id p1I0W0lo039407; Thu, 17 Feb 2011 17:32:00 -0700 (MST) (envelope-from
X-Authentication-Warning: majordom set sender to using -f
Received: from ( []) by (8.14.4/8.14.3) with ESMTP id p1I0VwDX039399 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL) for <>; Thu, 17 Feb 2011 17:31:59 -0700 (MST) (envelope-from
Received: by bwz14 with SMTP id 14so3266621bwz.16 for <>; Thu, 17 Feb 2011 16:31:57 -0800 (PST)
Received: by with SMTP id e22mr65938bkw.103.1297989117562; Thu, 17 Feb 2011 16:31:57 -0800 (PST)
Received: from [] ([]) by with ESMTPS id rc9sm1097771bkb.2.2011. (version=TLSv1/SSLv3 cipher=OTHER); Thu, 17 Feb 2011 16:31:55 -0800 (PST)
Message-ID: <>
Date: Fri, 18 Feb 2011 01:31:50 +0100
From: "Daniel A. Nagy" <>
Organization: ePoint Systems Ltd.
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20101208 Thunderbird/3.1.7
MIME-Version: 1.0
To: Ian G <>
CC: David Shaw <>, IETF OpenPGP Working Group <>
Subject: Re: DEADBEEF vs SHA1
References: <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.1.2
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig7A69917390DBBC8CB3943136"
Precedence: bulk
List-Archive: <>
List-Unsubscribe: <>
List-ID: <>

On 02/18/2011 12:56 AM, Ian G wrote:
>   * typically, people have expected things like digital signatures
> masquerading as human signatures to survive a long time.
>   * some standards require 30 years of technology lifetime.

Actually, these two can be addressed while still doing away with V3 key
format. Since V3 signatures can be generated by V4 keys and the keyID in
V3 signatures is not part of the hashed material, one can re-package the
V3 key in V4 format and change the keyID part in the signature, while
still keeping the whole thing valid, without access to the private key.

The only thing missing would be the self-signature of the key, but that
is a minor compromise in the face of things like keyserver poisoning.

IMHO, of course.

Daniel A. Nagy
ePoint Systems Ltd.