IETF Logo Mail Archive

Re: Signature calculation language

nagydani@epointsystem.org (Daniel A. Nagy) Wed, 12 October 2005 00:35 UTC

Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EPUap-0005Xj-BT for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 20:35:39 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA13836 for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 20:35:36 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C0NQ6S053914; Tue, 11 Oct 2005 17:23:26 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9C0NQK9053913; Tue, 11 Oct 2005 17:23:26 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C0NPu9053907 for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 17:23:26 -0700 (PDT) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id 5CD782B47A3; Wed, 12 Oct 2005 02:23:24 +0200 (CEST)
Date: Wed, 12 Oct 2005 02:23:24 +0200
To: ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-ID: <20051012002324.GA9539@epointsystem.org>
References: <20051011222500.0352B57EF9@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20051011222500.0352B57EF9@finney.org>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Tue, Oct 11, 2005 at 03:25:00PM -0700, "Hal Finney" wrote:

> One possible problem is if there is any substantial set of signing subkeys
> in use that don't have the 0x19 signature.  Signatures issued by those
> keys might become invalid.  I don't think we have any from pgp.com,
> we did not previously support signing subkeys.

I have encountered only one signature subkey so far, but I do intend to use
signature subkeys in the future myself. I agree that signature theft is a
very serious issue, and mandating 0x19 signatures is necessary to prevent
it.

Signature subkeys currently in use are not that much of a problem, because
the owners can always create the missing 0x19 signature. If they don't, it's
in everybody's interest (including their own) that the signatures become
invalid.

I actually wanted to do a survey of public keys for algorithms, key sizes,
subkeys, etc. for a long time. What I really want to know is what algorithms
and key sizes are used for certification, encryption and document signature,
and what proportion of users use subkeys.

If there's additional interest for such a survey, please let me know: it
will provide me with the additional motivation I need to actually carry it
out. Most of the software has already been written, but it's a horrible
processor hog of a task, estimated to keep a server busy for several hours.
As a side benefit, I could email all known signature subkey owners about
signing their subkey both ways. But that can only happen when major
implementations (PGP and GPG) can actually do it.

Also, there's a significant number of keys corrupted by keyservers that
can't handle multiple subkeys correctly. While natural in some way, it still
amazes me how much worse the quality of keyservers are compared to other
OpenPGP software.

-- 
Daniel

v2.23.0 | Report a Bug | By Email