
Re: [Debconf-discuss] GPG keysigning?



On 06/11/2009 01:40 PM, Daniel Kahn Gillmor wrote:
> However, once such an attack exists, the responsible course of action
> will be to promptly deprecate all keys that rely on SHA1 (in
> self-signatures, etc).  

Before this gets misinterpreted, let me clarify: I understand that
pre-existing self-signatures won't become inherently less trustworthy in
the event that the digest algorithm they're based on has a practical
flaw in its collision-resistance.

However, there's no cryptographic way to distinguish between
pre-existing self-signatures (e.g. stuff you already had a hard copy of
on your local machine before an attack was developed by someone
elsewhere) and new forged signatures that have been forged to look old.

This suggests that from a systems infrastructure point of view, it's
simplest and safest to consider suspect *all* signatures made over a
digest with significantly weakened collision-resistance.  This includes
self-signatures, unfortunately, and the keys which rely on them.

	--dkg

Attachment: signature.asc
Description: OpenPGP digital signature
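The practical follow-up to the argument above is an inventory: which signatures on a key, self-signatures included, are made over SHA-1 (or MD5), so that those are the ones to treat as suspect and re-issue. The script below is an added example, not code from dkg or from GnuPG. It parses the text that `gpg --list-packets <keyfile>` prints (the `:signature packet:` / `sigclass` / `digest algo` lines, as produced by GnuPG 1.4 and 2.x; that format is an assumption and may differ slightly between versions) and reports every signature whose digest algorithm is MD5 (1) or SHA-1 (2), together with what it certifies and whether it is a self-signature. The sample listing is constructed to mimic that output; the key IDs in it are made up.

```python
"""Inventory OpenPGP signatures that depend on a weakened digest algorithm.

Added example: scans the text produced by `gpg --list-packets <keyfile>`
and reports every signature packet whose digest algorithm is MD5 (1) or
SHA-1 (2), with the user ID / subkey it certifies and whether the signer
is the primary key itself (a self-signature).
"""
import re
import sys
from dataclasses import dataclass

# Hash algorithm IDs (RFC 4880, section 9.4).  MD5 and SHA-1 are the weak ones.
DIGEST_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
                9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_DIGESTS = {1, 2}

# Signature classes (RFC 4880, section 5.2.1).
SIGCLASS_NAMES = {0x10: "uid cert (generic)", 0x11: "uid cert (persona)",
                  0x12: "uid cert (casual)", 0x13: "uid cert (positive)",
                  0x18: "subkey binding", 0x19: "primary key binding",
                  0x1F: "direct key", 0x20: "key revocation",
                  0x28: "subkey revocation", 0x30: "cert revocation"}

PACKET_RE = re.compile(r"^:(?P<name>[^:]+):(?P<rest>.*)$")
KEYID_RE = re.compile(r"keyid:?\s+([0-9A-Fa-f]{16})")
SIGCLASS_RE = re.compile(r"sigclass 0x([0-9A-Fa-f]{2})")
DIGEST_RE = re.compile(r"digest algo (\d+)")


@dataclass
class Finding:
    signer_keyid: str   # key that made the signature
    target: str         # what it is over: "key ..", "subkey .." or 'uid ".."'
    sigclass: int
    digest: str
    self_sig: bool      # signer is the primary key of this certificate


def weak_digest_signatures(listing: str):
    """Return Finding objects for every MD5/SHA-1 signature in the listing."""
    primary = None          # keyid of the primary key packet seen last
    target = "(unknown)"    # most recent key, subkey or user ID packet
    packet = None           # name of the packet whose body we are inside
    sig = {}                # fields gathered for the current signature packet
    findings = []

    def flush():
        # Emit the signature packet we just finished, if its digest is weak.
        if packet == "signature packet" and sig.get("digest") in WEAK_DIGESTS:
            findings.append(Finding(
                signer_keyid=sig.get("signer", "?"), target=target,
                sigclass=sig.get("class", -1),
                digest=DIGEST_NAMES[sig["digest"]],
                self_sig=(sig.get("signer") == primary)))

    for raw in listing.splitlines():
        m = PACKET_RE.match(raw)
        if m:                                   # a new packet header line
            flush()
            packet, rest = m.group("name"), m.group("rest").strip()
            sig = {}
            if packet == "user ID packet":
                target = "uid " + rest
            elif packet == "signature packet":
                k = KEYID_RE.search(rest)
                sig["signer"] = k.group(1) if k else "?"
            continue
        line = raw.strip()                      # indented body line
        if "sub key packet" in (packet or ""):
            k = KEYID_RE.search(line)
            if k:
                target = "subkey " + k.group(1)
        elif (packet or "").endswith("key packet"):
            k = KEYID_RE.search(line)
            if k:
                primary = k.group(1)
                target = "key " + primary
        elif packet == "signature packet":
            c = SIGCLASS_RE.search(line)
            if c:
                sig["class"] = int(c.group(1), 16)
            d = DIGEST_RE.search(line)
            if d:
                sig["digest"] = int(d.group(1))
    flush()
    return findings


def describe(f: Finding) -> str:
    kind = SIGCLASS_NAMES.get(f.sigclass, "sigclass 0x%02x" % f.sigclass)
    who = "SELF" if f.self_sig else "third-party " + f.signer_keyid
    return "%s over %s: %s, %s" % (f.digest, f.target, kind, who)


# Constructed sample in the shape of `gpg --list-packets` output (not a real key).
SAMPLE_LISTING = """\
:public key packet:
\tversion 4, algo 1, created 1244736000, expires 0
\tpkey[0]: [2048 bits]
\tpkey[1]: [17 bits]
\tkeyid: 0123456789ABCDEF
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1244736000, md5len 0, sigclass 0x13
\tdigest algo 2, begin of digest 3a 7f
\thashed subpkt 2 len 4 (sig created 2009-06-11)
:signature packet: algo 1, keyid FEDCBA9876543210
\tversion 4, created 1244822400, md5len 0, sigclass 0x10
\tdigest algo 8, begin of digest c1 d2
:public sub key packet:
\tversion 4, algo 1, created 1244736000, expires 0
\tpkey[0]: [2048 bits]
\tpkey[1]: [17 bits]
\tkeyid: 1111222233334444
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1244736000, md5len 0, sigclass 0x18
\tdigest algo 2, begin of digest 9e 0b
"""

if __name__ == "__main__":
    # Usage: gpg --list-packets key.asc | python weak_sigs.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LISTING
    for finding in weak_digest_signatures(text):
        print(describe(finding))
```

On the constructed sample this flags the SHA-1 user-ID self-signature and the SHA-1 subkey binding signature, and leaves the third party's SHA-256 certification alone; run on a real export it tells you exactly which self-signatures a migration away from SHA-1 has to replace (with GnuPG that is a matter of re-signing under a `digest-algo`/`cert-digest-algo` setting of SHA256 or stronger, which the script does not do for you).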

