Miscellaneous questions

Christoph Anton Mitterer christoph.anton.mitterer at physik.uni-muenchen.de
Wed Apr 16 01:31:41 CEST 2008


On Tue, 2008-04-15 at 18:04 -0400, David Shaw wrote:
> It will work with GPG.  I can't speak for other programs, but it's
> legal by the spec, so it should work everywhere.
> 
> Mind you, you're going to hurt yourself, but it's legal by the spec.
Ok, I've already asked all of this in my previous mail :-)



> > > Mind you, while GPG can do it, I don't think what you are doing is a
> > > good idea: OpenPGP itself uses SHA1 in a number of places.
> > I know,.. but in the signatures,.. only the revocation key subpacket
> > uses it, right?
> > The signatures (even the certification sigs) are made directly on the
> > key (and additional data like the UID), right?
> > So as far as I understand,.. I should actually gain some security, at
> > least from the point that an attacker could no longer concentrate on
> > attacking my SHA1 sigs.
> > If he wants to do a downgrade attack (recreate a new SHA1 selfsig) he
> > would have to attack the signature algorithm itself (e.g. RSA) ... or
> > kick me until I gave him my private key ;)
> No, if he wants to do a downgrade attack, he can just strip off your
> revocation packet and the new selfsig packet and use the old selfsig.
> Revoking it doesn't make it vanish.
Ah yes,.. BUT *G*,.. therefore we have keyservers, right? The place
where we not only distribute keys but also revocations of them.
If you now say everybody can always simply strip off any revocations
(of course he can, but each user can get them again from the keyservers),
the whole idea of revocation would be nonsense (does this word exist in
English?).


> > > These are
> > > not changeable, so even if you purge SHA1 from your key, note that
> > > you're still using SHA1.
> > btw: When is this going to be changed? i.e. the fingerprint algorithm?
> Most likely not until we tackle V5 keys.  Current keys are V4.
*G* I hope you won't finish V5 keys until I've finished my
review/suggestions paper,... and convinced you with lots of ideas X-D
Perhaps the most important ideas about fingerprints in advance: we
should try to ban the use of fingerprints inside as many packets as
possible when it comes to certifying keys (I think currently this is
only the revocation key subpacket, and the MDC packet).

They should only be used by the user, so that he doesn't have to compare
the whole key bit by bit.


> > > Also, SHA512 is not widely implemented yet.
> > > You can very easily render your key not usable by a large percentage
> > > of the population if you pick a hash they don't have.
> > Yeah,... I know this,... unfortunately (at least from my point of view)
> > gpg and this list seem to be very conservative in such issues :-/
> > (don't want to offend you ;) )
> I'm not insulted.  Being conservative with crypto is a compliment.
Such discussions are always difficult,... it's good if everybody keeps
in mind that (normally) nobody means any harm :-)


> > > > 3) On an existing key,.. how can I change the key usage flags with gpg?
> > > Modify the source.
> > Ok, if I modify it,.. and create a 0x1F with key usage, key
> > server-prefs, algorithm prefs, and so on... Will gpg understand this?
> No.
Ah... is this by intention? Or just not yet implemented? To put it
differently,.. which subpackets are understood on the 0x1F signatures?


Best wishes,... should go to bed now,
-- 
Dipl.-Inf. (FH) Christoph Anton Mitterer

eMail:
christoph.anton.mitterer at physik.uni-muenchen.de
mail at christoph.anton.mitterer.name

Jabber/XMPP:
chat at christoph.anton.mitterer.name

Ludwig-Maximilians-Universität München
Lehrstuhl für experimentelle Physik – Elementarteilchenphysik
Sektion Physik
Am Coulombwall 1
85748 Garching bei München
Germany




btw: If you should ever be in a room full of particle physicists (and
you are the only computer scientist),.. (who are looking for the
Higgs-particle),... don't, I repeat don't make any jokes like "I found the
Higgs-Boson,... it was in my bag." Extremely Dangerous. ^^
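The downgrade David describes above (dropping the revocation and the new self-signature so that only the old SHA-1 self-sig is left) shows up directly in the packet framing of the key. The following is an added example, not code from this thread or from GnuPG: a small RFC 4880 packet walker in Python that lists the type and hash algorithm of every signature packet in a key block, run on a constructed sample key and on the same key with the last two packets stripped. It does not verify signatures; the key and signature bodies are placeholders, and the hash and signature-type tables are the RFC 4880 registry values.

```python
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
SIGTYPE = {0x10: "generic cert", 0x13: "positive cert", 0x18: "subkey binding", 0x1F: "direct key",
           0x20: "key revocation", 0x28: "subkey revocation", 0x30: "cert revocation"}

def packets(data):
    """Yield (tag, body) per RFC 4880 4.2: old- and new-format headers, no partial-body lengths."""
    i = 0
    while i < len(data):
        ctb = data[i]; i += 1
        if not ctb & 0x80:
            raise ValueError("byte %d: not an OpenPGP packet header" % (i - 1))
        if ctb & 0x40:                       # new-format header: tag in low 6 bits
            tag, o = ctb & 0x3F, data[i]; i += 1
            if o < 192: ln = o
            elif o < 224: ln = ((o - 192) << 8) + data[i] + 192; i += 1
            elif o == 255: ln = int.from_bytes(data[i:i + 4], "big"); i += 4
            else: raise ValueError("partial-body length not supported")
        else:                                # old-format header: tag in bits 2-5, length type in bits 0-1
            tag, lt = (ctb >> 2) & 0x0F, ctb & 3
            if lt == 3: raise ValueError("indeterminate length not supported")
            n = (1, 2, 4)[lt]
            ln = int.from_bytes(data[i:i + n], "big"); i += n
        yield tag, data[i:i + ln]
        i += ln

def signatures(data):
    """(signature type, hash algorithm) for each v4 signature packet (tag 2), in key order."""
    return [(SIGTYPE.get(b[1], hex(b[1])), HASH.get(b[3], str(b[3])))
            for t, b in packets(data) if t == 2 and len(b) >= 4 and b[0] == 4]

def sha1_sigs(data):
    """Signature types still made with SHA-1: all a stripped-down copy of the key would carry."""
    return [t for t, h in signatures(data) if h == "SHA1"]

def has_cert_revocation(data):
    return any(t == "cert revocation" for t, _ in signatures(data))

# Constructed sample key block (placeholder key material; signature bodies carry no MPIs).
def old(tag, body): return bytes([0x80 | tag << 2]) + bytes([len(body)]) + body
def new(tag, body): return bytes([0xC0 | tag]) + bytes([len(body)]) + body
def sig(sigtype, hash_alg): return bytes([4, sigtype, 1, hash_alg, 0, 0, 0, 0, 0xAB, 0xCD])
SAMPLE = (old(6, b"\x04" + b"\x00" * 8) + old(13, b"Alice <alice@example.org>")
          + old(2, sig(0x13, 2)) + new(2, sig(0x30, 10)) + new(2, sig(0x13, 10)))
STRIPPED = SAMPLE[:-2 * (2 + 10)]   # revocation and new SHA-512 self-sig removed

if __name__ == "__main__":
    for label, blob in (("published", SAMPLE), ("stripped", STRIPPED)):
        print(label, signatures(blob), "SHA1:", sha1_sigs(blob), "revoked:", has_cert_revocation(blob))
```

Comparing the output for a locally held key against the copy fetched from a keyserver is the check the thread is arguing about: the stripped copy lists only the old SHA-1 certification and no revocation.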




More information about the Gnupg-users mailing list