Re: [openpgp] Fingerprint requirements for OpenPGP

Vincent Breitmoser <look@my.amazin.horse> Tue, 12 April 2016 13:15 UTC

Date: Tue, 12 Apr 2016 15:15:45 +0200
From: Vincent Breitmoser <look@my.amazin.horse>
To: Joseph Lorenzo Hall <joe@cdt.org>
Message-ID: <20160412131545.GA20078@littlepip.fritz.box>
References: <87vb3nslqh.fsf@alice.fifthhorseman.net> <20160412083409.GA16775@littlepip.fritz.box> <CABtrr-XdDjCXVCYSwUwL1cDGbv_ioNBg0Mpn3uf11oRm5TZ2ag@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="BXVAT5kNtrzKuDFl"
Content-Disposition: inline
In-Reply-To: <CABtrr-XdDjCXVCYSwUwL1cDGbv_ioNBg0Mpn3uf11oRm5TZ2ag@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ngwj7Wyvib1uMmsM2ei7ylv18nA>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Fingerprint requirements for OpenPGP
Precedence: list

Joseph Lorenzo Hall(joe@cdt.org)@Tue, Apr 12, 2016 at 09:06:11AM -0400:
> If you have two keys that map to the same fingerprint, then an
> attacker can decide to serve you whichever is in their best interest.

The premise of your scenario is that you are already using a key
generated by the attacker. What could an attacker possibly gain by
possessing a second key with the same fingerprint?

 - V

Attachment: signature.asc

[openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
Re: [openpgp] Fingerprint requirements for OpenPGP Vincent Breitmoser
Re: [openpgp] Fingerprint requirements for OpenPGP Joseph Lorenzo Hall
Re: [openpgp] Fingerprint requirements for OpenPGP Vincent Breitmoser
Re: [openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
Re: [openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
Re: [openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
Re: [openpgp] Fingerprint requirements for OpenPGP Salz, Rich
Re: [openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
Re: [openpgp] Fingerprint requirements for OpenPGP KellerFuchs
Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
Re: [openpgp] Fingerprint requirements for OpenPGP Jon Callas
[openpgp] proof-of-work fingerprints [was: Re: Fi… Daniel Kahn Gillmor
Re: [openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
Re: [openpgp] Fingerprint requirements for OpenPGP Bill Frantz
Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
Re: [openpgp] Fingerprint requirements for OpenPGP Joseph Lorenzo Hall
Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
Re: [openpgp] Fingerprint requirements for OpenPGP Vincent Breitmoser
Re: [openpgp] Fingerprint requirements for OpenPGP Joseph Lorenzo Hall
Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
Re: [openpgp] Fingerprint requirements for OpenPGP Joseph Lorenzo Hall
Re: [openpgp] Fingerprint requirements for OpenPGP Phillip Hallam-Baker
Re: [openpgp] proof-of-work fingerprints [was: Re… Phillip Hallam-Baker
Re: [openpgp] proof-of-work fingerprints [was: Re… Phillip Hallam-Baker

Re: [openpgp] Fingerprint requirements for OpenPGP

Attachment: signature.asc