Re: How to Calculate Signatures?
hal@finney.org ("Hal Finney") Mon, 04 April 2005 04:37 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA26400 for <openpgp-archive@lists.ietf.org>; Mon, 4 Apr 2005 00:37:35 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j344NBpY041925; Sun, 3 Apr 2005 21:23:11 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j344NB0o041923; Sun, 3 Apr 2005 21:23:11 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j344NAqi041916 for <ietf-openpgp@imc.org>; Sun, 3 Apr 2005 21:23:11 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 42B3F57EBA; Sun, 3 Apr 2005 21:36:38 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Re: How to Calculate Signatures?
Message-Id: <20050404043638.42B3F57EBA@finney.org>
Date: Sun, 03 Apr 2005 21:36:38 -0700
From: hal@finney.org
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Ian G writes: > I'm curious on this point. Other than the fact that > "it's broken" why is it that you see it important to > repair the DSA in OpenPGP? I'm not sure if you are asking why we worry about using SHA-1 at all given that the attack is theoretical, or why we don't just abandon DSA keys. For the first question, my main concern is that the SHA-1 attack may get worse so that it becomes computationally feasible to find collisions. If that happens we could be vulnerable to attacks like http://eprint.iacr.org/2005/067 which showed two X.509 certificates with the same hash. The attacks could become even stronger to where different userids could collide. For the second, DSA key users do not presently have the options RSA key users do to move to other hashes. As I argued, the additional risk of giving DSA users more options is not that large. Letting them use other hashes would allow them to continue to use their existing keys and benefit from the signatures they have acquired on those keys. Hal
- How to Calculate Signatures? Ben Laurie
- Re: How to Calculate Signatures? "Hal Finney"
- Re: How to Calculate Signatures? Ben Laurie
- Re: How to Calculate Signatures? Ben Laurie
- Re: How to Calculate Signatures? Ben Laurie
- Re: How to Calculate Signatures? Konrad Rosenbaum
- Re: How to Calculate Signatures? Ian G
- Re: How to Calculate Signatures? Ben Laurie
- Re: How to Calculate Signatures? Ben Laurie
- Re: How to Calculate Signatures? "Hal Finney"
- Re: How to Calculate Signatures? "Hal Finney"
- Re: How to Calculate Signatures? Ian G
- Re: How to Calculate Signatures? Ben Laurie
- Re: How to Calculate Signatures? Ian G
- Re: How to Calculate Signatures? Ian G
- Re: How to Calculate Signatures? "Hal Finney"
- Re: How to Calculate Signatures? Jon Callas
- Re: How to Calculate Signatures? Jon Callas
- Re: How to Calculate Signatures? Ian G
- Re: How to Calculate Signatures? Jon Callas
- Re: How to Calculate Signatures? Ben Laurie
- Re: How to Calculate Signatures? "Hal Finney"
- Re: How to Calculate Signatures? David Shaw
- Re: How to Calculate Signatures? Jon Callas
- Re: How to Calculate Signatures? David Shaw
- Re: How to Calculate Signatures? Konrad Rosenbaum