Re: [openpgp] New fingerprint: to v5 or not to v5

Werner Koch <wk@gnupg.org> Fri, 18 September 2015 12:25 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB25A1B2B63 for <openpgp@ietfa.amsl.com>; Fri, 18 Sep 2015 05:25:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RwA6LI2x4XkZ for <openpgp@ietfa.amsl.com>; Fri, 18 Sep 2015 05:25:55 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05B241B2B68 for <openpgp@ietf.org>; Fri, 18 Sep 2015 05:25:55 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1Zcujg-0001TU-Tb for <openpgp@ietf.org>; Fri, 18 Sep 2015 14:25:52 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1Zcuer-00006X-LH; Fri, 18 Sep 2015 14:20:53 +0200
From: Werner Koch <wk@gnupg.org>
To: vedaal@nym.hush.com
References: <20150917220536.574C4C035D@smtp.hushmail.com>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: vedaal@nym.hush.com, openpgp@ietf.org
Date: Fri, 18 Sep 2015 14:20:53 +0200
In-Reply-To: <20150917220536.574C4C035D@smtp.hushmail.com> (vedaal@nym.hush.com's message of "Thu, 17 Sep 2015 18:05:36 -0400")
Message-ID: <87zj0jx6je.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/daujrJzuspwoifFx5mudqJjaDn0>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] New fingerprint: to v5 or not to v5
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Sep 2015 12:25:57 -0000

On Fri, 18 Sep 2015 00:05, vedaal@nym.hush.com said:
> would probably also become viable for subkeys as well, and it might be
> possible for an attacker to generate a subkey with a collision for the
> cross-certifying signature, and be able to graft a false subkey onto a

You mean the back signatures (Primary Key Binding Signature), right?
They are done directly on the key material and not on the fingerprint.
Thus back signatures can be updated to SHA-256 without problems.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.