IETF Logo Mail Archive

Re: How to Calculate Signatures?

Ian G <iang@systemics.com> Sun, 03 April 2005 20:16 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA23864 for <openpgp-archive@lists.ietf.org>; Sun, 3 Apr 2005 16:16:12 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j33JxXd9055904; Sun, 3 Apr 2005 12:59:35 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j33JxXM4055903; Sun, 3 Apr 2005 12:59:33 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from www.enhyper.com (mailgate.enhyper.com [62.49.250.18]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j33JxVLD055896 for <ietf-openpgp@imc.org>; Sun, 3 Apr 2005 12:59:32 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by www.enhyper.com (8.11.6/8.11.6) with SMTP id j33JxEU03221 for <ietf-openpgp@imc.org>; Sun, 3 Apr 2005 20:59:25 +0100
X-Authentication-Warning: www.enhyper.com: localhost.localdomain [127.0.0.1] didn't use HELO protocol
Message-ID: <42504BEE.9000303@systemics.com>
Date: Sun, 03 Apr 2005 21:02:54 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0 (X11/20050219)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: How to Calculate Signatures?
References: <20050402201614.31E9157EE9@finney.org> <425005AE.5030105@algroup.co.uk> <42501CD7.4070005@algroup.co.uk> <200504031948.22079@zaphod.konrad.silmor.de> <4250389F.4050301@systemics.com> <42503B87.4090509@algroup.co.uk>
In-Reply-To: <42503B87.4090509@algroup.co.uk>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

Ben Laurie wrote:
> 

>> Would it be a good idea to put in a statement
>> explicitly limiting OpenPGP's view of DSS to be
>> SHA1 only?  And add a comment perhaps that in the
>> light of weaknesses in SHA1, that RSA with a fatter
>> digest be used instead as a workaround?
> 
> 
> The cost of that is that anyone with a DSA key is screwed. Seems like a 
> last resort to me.


Anyone who has a DSA key now is screwed if:

    * the SHA1 hash is shown to be breached for:
       - pre-images, or
       - they have a collision-sensitive signature system,
    and,

    * the attacks are within reach by their attackers, and
    * they cannot change their document format, and
    * they cannot change to RSA, and
    * they cannot simply repudiate any false dox, and
    * they actually use DSA sigs for something important.

Seems like a tough list to me.  My systems use OpenPGP
sigs for real stuff (as opposed to just signing mail
because it exists there) and none of the above are
even remotely a threat that I can see.  Maybe I am
screwed, but seeing as I don't see how, I'm willing to
run that risk and maybe I'll find out :)

I personally don't see much merit in changing the situation
until something decent comes along.

iang
-- 
News and views on what matters in finance+crypto:
         http://financialcryptography.com/

v2.23.0 | Report a Bug | By Email