1.0.6b comments

Len Sassaman rabbi@quickie.net
Wed Oct 24 22:27:02 2001


On Wed, 24 Oct 2001, David Shaw wrote:

> Hiya,
>
> I've been playing with 1.0.6b, and have a few comments.  Some of these
> are not necessarily bugs, and some of them exist in 1.0.6 as well.
>
> Aside from this, 1.0.6b is really great.  I love --update-trustdb.
>
> 1) Merely having the secret key present is not enough to make a key
>    ultimately trusted.  You have to do it by hand in --edit.  If a new
>    key is generated, however, it is ultimately trusted.

That is correct behavior. (There's a possible attack on systems that
automatically import keys received in email that doing it this way
protects against. I can describe it in more detail if you like.)

> 8) RSA key signatures are always made with MD5 as the hash.  This
>    makes sense for v3 key sigs, but v4 RSA key sigs are probably safe
>    to use something else.

Yes. In PGP 7.0, we used SHA-1. No reason to stick with MD5.

Also, RSA v4 keys bind their subkeys to the primary key using SHA-1 in PGP
7.x as well.

>    As I see it, if you are making a signature on a v4 key using your
>    v3 key, it doesn't make sense to generate a v3 sig.  After all, the
>    point of using a v3 sig is to be backwards compatible, but no
>    v3-only PGP implementation could understand the v4 key the sig is
>    on in the first place.

PGP versions prior to 5.x could not do v4 at all. PGP 5.x and 6.x
understood v4 sigs on keys, but not on non-key material. (There's a nit
about this in the RFC for 5.x; it should say 6.x as well.)

(Just reiterating what you are saying here -- if an implementation can
handle a v4 key, it can handle v4 sigs on a v4 key, even if it can't
handle v4 sigs on other files.)



--

Len Sassaman

Security Architect            |  "Now it's all change --
Technology Consultant         |   It's got to change more."
                              |
http://sion.quickie.net       |              --Joe Jackson
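An added example, not code from this thread or from GnuPG or PGP: a small Python parser (names and the embedded sample packets are my own construction, not real key material) that walks an OpenPGP packet stream per RFC 2440 and reports each signature packet's version, public-key algorithm and hash algorithm, so MD5-hashed RSA key signatures like those discussed in point 8 can be spotted in a keyring dump.

```python
"""Walk an OpenPGP packet stream and report version, key algorithm and hash
algorithm of every signature packet (tag 2), following RFC 2440 formats."""
import struct

HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}


def read_packet_header(data, pos):
    """Return (tag, body_start, body_len) for the packet header at pos."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("bit 7 of the packet tag byte must be set")
    if ctb & 0x40:                      # new-format header (RFC 2440 4.2.2)
        tag, first = ctb & 0x3F, data[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + data[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths not supported here")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03   # old-format header (4.2.1)
    if ltype == 3:
        raise ValueError("indeterminate length not supported here")
    nbytes = 1 << ltype                 # 1, 2 or 4 length octets
    return tag, pos + 1 + nbytes, int.from_bytes(data[pos + 1:pos + 1 + nbytes], "big")


def signature_info(body):
    """Return (version, sig_type, pubkey_algo, hash_algo) for a signature body."""
    if body[0] == 3:                    # v3: 5-octet hashed block, key ID, then algos
        if body[1] != 5:
            raise ValueError("v3 hashed-material length must be 5")
        return 3, body[2], body[15], body[16]
    if body[0] == 4:                    # v4: algorithms follow the signature type
        return 4, body[1], body[2], body[3]
    raise ValueError("unsupported signature version %d" % body[0])


def list_signatures(data):
    """Return [(version, pubkey algo name, hash algo name)] for each tag-2 packet."""
    pos, found = 0, []
    while pos < len(data):
        tag, start, length = read_packet_header(data, pos)
        if tag == 2:
            ver, _stype, pk, h = signature_info(data[start:start + length])
            found.append((ver, PUBKEY_ALGOS.get(pk, str(pk)), HASH_ALGOS.get(h, str(h))))
        pos = start + length
    return found


# Constructed sample (not real key material): a v3 RSA certification hashed with
# MD5 (old-format header) followed by a v4 RSA certification hashed with SHA-1.
V3_SIG = (bytes([0x88, 22, 3, 5, 0x10]) + b"\x3b\xd7\x0a\x00" + b"\x01" * 8
          + bytes([1, 1]) + b"\xab\xcd" + b"\x00\x08\x5a")
V4_SIG = (bytes([0xC2, 29, 4, 0x10, 1, 2]) + b"\x00\x06" + b"\x05\x02" + b"\x3b\xd7\x0a\x00"
          + b"\x00\x0a" + b"\x09\x10" + b"\x01" * 8 + b"\xab\xcd" + b"\x00\x08\x5a")
SAMPLE = V3_SIG + V4_SIG
```

Feeding it a real `gpg --export` blob lists every certification and subkey-binding signature with the hash that was actually used.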