Re: Suggested changes for DSA2
hal@finney.org ("Hal Finney") Mon, 27 March 2006 23:45 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FO1Os-0003eM-3b for openpgp-archive@lists.ietf.org; Mon, 27 Mar 2006 18:45:30 -0500
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FO1Oq-0002x8-Ot for openpgp-archive@lists.ietf.org; Mon, 27 Mar 2006 18:45:30 -0500
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2RNNuoJ025399; Mon, 27 Mar 2006 16:23:56 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k2RNNuNd025398; Mon, 27 Mar 2006 16:23:56 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2RNNuie025392 for <ietf-openpgp@imc.org>; Mon, 27 Mar 2006 16:23:56 -0700 (MST) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 1754257FAE; Mon, 27 Mar 2006 15:22:15 -0800 (PST)
To: dshaw@jabberwocky.com, hal@finney.org
Subject: Re: Suggested changes for DSA2
Cc: ietf-openpgp@imc.org
Message-Id: <20060327232215.1754257FAE@finney.org>
Date: Mon, 27 Mar 2006 15:22:15 -0800
From: hal@finney.org
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906
David writes: > For implementation of signature verification you can just take p and q > straight from the public key. You don't need to guess since the key > has all the information you need. With signatures, it is the verifier more than the signer who is vulnerable and who needs to be protected. The problem is that as the verifying software it is my responsibility to provide some level of assurance to the user about how strong this signature is. Right now at best we only report the key size. I'd like to make sure that q is as strong as p. Otherwise we might see a 4096 bit key with a 160 bit q, so it is really no stronger than a 1024 bit key. It is hard to report to the user how strong a signature by that key should be considered to be. This problem goes away if we standardize on the q sizes that go with certain p sizes. That's what I'd like to do. Any keys that break the rules would be considered invalid. Maybe we don't have to just do the FIPS ones but could extend them somewhat. Hal
- Suggested changes for DSA2 David Shaw
- Re: Suggested changes for DSA2 "Hal Finney"
- Re: Suggested changes for DSA2 David Shaw
- Re: Suggested changes for DSA2 Ben Laurie
- Re: Suggested changes for DSA2 "Hal Finney"
- Re: Suggested changes for DSA2 David Shaw
- Re: Suggested changes for DSA2 Ian G
- Re: Suggested changes for DSA2 David Shaw
- Re: Suggested changes for DSA2 David Shaw
- Re: Suggested changes for DSA2 Daniel A. Nagy
- Re: Suggested changes for DSA2 Jon Callas
- Re: Suggested changes for DSA2 "Hal Finney"
- Re: Suggested changes for DSA2 David Shaw
- Re: Suggested changes for DSA2 "Hal Finney"
- Re: Suggested changes for DSA2 David Shaw
- Re: Suggested changes for DSA2 Daniel A. Nagy
- Re: Suggested changes for DSA2 "Hal Finney"
- Re: Suggested changes for DSA2 "Hal Finney"
- Re: Suggested changes for DSA2 David Shaw
- Re: Suggested changes for DSA2 David Shaw
- Cost-benefit analysis of algorithm substitution Ian G