Problems with private keyring?
Taral
taral@taral.net
Thu Mar 22 23:01:03 2001
--QKdGvSO+nmPlgiQ/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Mar 22, 2001 at 10:44:25PM +0100, Florian Weimer wrote:
> Their attack doesn't work with these checks in place. However, there
> are other attacks which involve modifying public DSA parameters. I'm
> not a cryptanalyst and I've just started reading about DSA (and
> already decided that I don't like it at all, especially the OpenPGP
> incarnation), so I'm not in the position to claim that a specific set
> of consistency checks is safe or not. Releasing a patch which is
> solely based on consistency checks would imply such a statement.
Agreed. (Nothing's wrong with DSA so long as you can ensure that k is
unrecoverable.) This is why I believe that it would be better to simple
sign the key materian _in toto_, thus providing protection equal to that
of a public key.
--=20
Taral <taral@taral.net>
Please use PGP/GPG to send me mail.
"Never ascribe to malice what can as easily be put down to stupidity."
--QKdGvSO+nmPlgiQ/
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjq6dg4ACgkQ7rh4CE+nYElkpgCgtztaMf0pGksw/zwEXSMqgxOQ
zZYAoJm30oO1t02BeK/bNM+l1H70+UvW
=Dzs6
-----END PGP SIGNATURE-----
--QKdGvSO+nmPlgiQ/--