PGP Bug Solution?

Arno Wagner wagner@tik.ee.ethz.ch
Mon Mar 26 13:09:01 2001


Nicholas Cole wrote:

> I may be completely wrong, but if I understand the paper correctly,
> the modified key will not produce a valid signature.

With the correct public key this should be true for the DSA signatures. I am not sure for RSA signatures.

> If that is the case, could not GPG attempt to validate a signature
> when created, and ring alarm bells if the signature does not verify?

The problem here is that somebody that can write the private key can most likely also write the public key. As far as I understand it, the public key might require more than the change of the modulus (does it? not sure), but it should be computationally feasible to create a public key that will check out. So signatures will only fail at sites that have the correct public key. I am not sure such a check would add to the security.

Regards,
Arno

--
Arno Wagner Dipl. Inform. ETH Zuerich wagner@tik.ee.ethz.ch
GnuPG: ID: F0C049F1 FP: 8C E0 6F A5 CC B1 5A 11 ED C7 AD D2 05 5E BB 6F

"What I saw in the Xerox PARC technology was the caveman interface, you point and you grunt. A massive winding down, regressing away from language, in order to address the technological nervousness of the user. Users wanted to be infantilized, to return to a pre-linguistic condition in the using of computers, and the Xerox PARC technology's primary advantage was that it allowed users to address computers in a pre-linguistic way. This was to my mind a terribly socially retrograde thing to do, and I have not changed my mind about that."
Eben Moglen (http://old.law.columbia.edu for more by E.M.)