Re: Suggested changes for DSA2

David Shaw <dshaw@jabberwocky.com> Mon, 27 March 2006 15:49 UTC

Date: Mon, 27 Mar 2006 10:23:54 -0500
From: David Shaw <dshaw@jabberwocky.com>
To: Hal Finney <hal@finney.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Suggested changes for DSA2

On Sun, Mar 26, 2006 at 10:02:18AM -0800, "Hal Finney" wrote:

> > >      * The DSA algorithm will work with any hash, but it is
> > >        sensitive to the quality of the hash algorithm.  An implementation
> > >        should take care which hash algorithms are used with DSA.
> > >        Verifiers should be aware that even if the signer used a strong
> > >        hash, an attacker could have modified a signature to use a
> > >        weak one.  Only signatures issued using acceptably strong hash
> > >        algorithms should be accepted as valid.
> 
> On re-reading this I have two improvements.  The second sentence is
> redundant.  And the last sentence cautions verifiers about what hash
> was used when the sig was "issued", but the verifier doesn't know this
> (that is the point), it only knows what it sees:
> 
>      * The DSA algorithm will work with any hash, but it is
>        sensitive to the quality of the hash algorithm.  Verifiers
>        should be aware that even if the signer used a strong hash,
>        an attacker could have modified a signature to use a weak one.
>        Only signatures using acceptably strong hash algorithms should
>        be accepted as valid.

Yes, I made a similar change in the "round 2" changes for the same
reason.  I've fixed the redundant second sentence for round 3.

David
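
The verifier-side rule from the revised text, as an added example that is not part of the original message or of any OpenPGP implementation: read the hash algorithm octet from the signature packet as received, and reject a DSA signature whose hash is not on a local allow-list before verification is attempted. The algorithm IDs are those of RFC 4880; the allow-list, the function names and the sample packet bytes are constructed assumptions.

```python
from typing import Tuple

# Hash and public-key algorithm IDs as assigned in RFC 4880.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
PUBKEY_DSA = 17
ACCEPTED_HASHES = {8, 9, 10}  # assumed local policy, not taken from the thread


class PolicyError(ValueError):
    """The signature packet is malformed or violates the hash policy."""


def signature_algorithms(body: bytes) -> Tuple[int, int]:
    """Return (pubkey_algo, hash_algo) from a v3 or v4 signature packet body."""
    if not body:
        raise PolicyError("empty signature packet")
    version = body[0]
    if version == 4:
        # Layout: version, signature type, pubkey algo, hash algo, ...
        if len(body) < 4:
            raise PolicyError("truncated v4 signature packet")
        return body[2], body[3]
    if version == 3:
        # Layout: version, hashed length (5), type, time(4), key ID(8),
        # pubkey algo, hash algo, ...
        if len(body) < 17 or body[1] != 5:
            raise PolicyError("malformed v3 signature packet")
        return body[15], body[16]
    raise PolicyError(f"unsupported signature version {version}")


def check_hash_policy(body: bytes) -> str:
    """Return the hash name if acceptable; raise PolicyError otherwise.

    The decision uses only the hash ID visible in the packet, because the
    verifier cannot know which hash the signer originally used.
    """
    pubkey_algo, hash_algo = signature_algorithms(body)
    name = HASH_NAMES.get(hash_algo, f"unknown({hash_algo})")
    if pubkey_algo == PUBKEY_DSA and hash_algo not in ACCEPTED_HASHES:
        raise PolicyError(f"DSA signature declares {name}; rejected")
    return name


# Constructed sample packet bodies (headers only, no real signature data).
V4_DSA_SHA256 = bytes([4, 0x00, 17, 8, 0, 0, 0, 0])
V4_DSA_MD5 = bytes([4, 0x00, 17, 1, 0, 0, 0, 0])   # same packet, weak hash ID
V3_DSA_SHA1 = bytes([3, 5, 0x00]) + bytes(4) + bytes(8) + bytes([17, 2])
```
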