IETF Logo Mail Archive

Re: How to Calculate Signatures?

Jon Callas <jon@callas.org> Mon, 04 April 2005 16:04 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA21810 for <openpgp-archive@lists.ietf.org>; Mon, 4 Apr 2005 12:04:10 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j34FlL82039987; Mon, 4 Apr 2005 08:47:21 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j34FlLLe039986; Mon, 4 Apr 2005 08:47:21 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j34FlKE2039978 for <ietf-openpgp@imc.org>; Mon, 4 Apr 2005 08:47:20 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Mon, 4 Apr 2005 08:47:18 -0700
Received: from [172.16.1.2] ([12.111.6.59]) by keys.merrymeet.com (PGP Universal service); Mon, 04 Apr 2005 08:47:18 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Mon, 04 Apr 2005 08:47:18 -0700
In-Reply-To: <42515A30.3060204@systemics.com>
References: <20050404043638.42B3F57EBA@finney.org> <42515A30.3060204@systemics.com>
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <3f5a429b03ed3a28992f269562b05eff@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org, Hal Finney <hal@finney.org>
From: Jon Callas <jon@callas.org>
Subject: Re: How to Calculate Signatures?
Date: Mon, 04 Apr 2005 08:48:35 -0700
To: Ian G <iang@systemics.com>
X-Mailer: Apple Mail (2.619.2)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

>
> So the analysis needs to question not only the risks
> but also the costs and benefits.
>
> The number of people who need to have DSA and keep
> using their existing keys for signatures seems to be
> quite small.  In order for these people to benefit,
> they must be able to create the sigs, and everyone
> else must be able to at least read the sigs.  So
> any change will take a year or two to filter through
> until there is wide enough distribution of verification,
> and during that time, I suspect the slow uptake will
> be over taken by events.
>
>

Yup. And the same thing applies to V3 keys as well. I've had vocal 
complaints from people about their V3 key and how they're upset about 
losing whatever trust issues there are from it being a decade or more 
old.

I'm not so worried about DSS that I'm going to dump my older key. But I 
might recommend to someone creating a new key that today, RSA is a 
better choice because of SHA-1 issues and lack of wide-DSS. But that 
could change tomorrow or next week.

	Jon

v2.23.0 | Report a Bug | By Email