rabbi at quickie.net
Wed Oct 24 23:27:02 CEST 2001
On Wed, 24 Oct 2001, David Shaw wrote:
> I've been playing with 1.0.6b, and have a few comments. Some of these
> are not necessarily bugs, and some of them exist in 1.0.6 as well.
> Aside from this, 1.0.6b is really great. I love --update-trustdb.
> 1) Merely having the secret key present is not enough to make a key
> ultimately trusted. You have to do it by hand in --edit. If a new
> key is generated, however, it is ultimately trusted.
That is correct behavior. (There's a possible attack on systems that
automatically import keys received in email that doing it this way
protects against. I can describe it in more detail if you like.)
> 8) RSA key signatures are always made with MD5 as the hash. This
> makes sense for v3 key sigs, but v4 RSA key sigs are probably safe
> to use something else.
Yes. In PGP 7.0, we used SHA-1. No reason to stick with MD5.
Also, RSA v4 keys bind their subkeys to the primary key using SHA-1 in PGP
7.x as well.
> As I see it, if you are making a signature on a v4 key using your
> v3 key, it doesn't make sense to generate a v3 sig. After all, the
> point of using a v3 sig is to be backwards compatible, but no
> v3-only PGP implementation could understand the v4 key the sig is
> on in the first place.
PGP versions prior to 5.x could not do v4 at all. PGP 5.x and 6.x
understood v4 sigs on keys, but not on non-key material. (There's a nit
about this in the RFC for 5.x; it should say 6.x as well.)
(Just reiterating what you are saying here -- if an implementation can
handle a v4 key, it can handle v4 sigs on a v4 key, even if it can't
handle v4 sigs on other files.)
Security Architect | "Now it's all change --
Technology Consultant | It's got to change more."
http://sion.quickie.net | --Joe Jackson
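The point raised in items 8 and the v3/v4 discussion above (RSA key signatures hard-wired to MD5, v3 versus v4 signature packets) is easy to audit mechanically. The following is an added example, not code from the thread, from David Shaw or from GnuPG/PGP: a small inspector that walks old-format OpenPGP packets, picks out signature packets (tag 2), decodes the v3 and v4 layouts from RFC 4880 far enough to read the hash-algorithm byte, and flags MD5 (hash id 1). The two sample packets are constructed inline with a dummy key id and a dummy MPI; they are only for parsing and would not verify. New-format packet headers and signature verification are out of scope.

```python
import struct

# Hash algorithm ids from RFC 4880 section 9.4
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512"}
WEAK_HASHES = {1}  # MD5: the hash the thread says RSA key sigs were stuck on

SIGNATURE_TAG = 2


def parse_old_header(data, pos=0):
    """Parse an old-format packet header at data[pos]; return (tag, body_start, body_len)."""
    ctb = data[pos]
    if not (ctb & 0x80) or (ctb & 0x40):
        raise ValueError("only old-format packet headers are handled here")
    tag = (ctb >> 2) & 0x0F
    length_type = ctb & 0x03
    if length_type == 0:
        return tag, pos + 2, data[pos + 1]
    if length_type == 1:
        return tag, pos + 3, struct.unpack(">H", data[pos + 1:pos + 3])[0]
    if length_type == 2:
        return tag, pos + 5, struct.unpack(">I", data[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate-length packets are not supported")


def parse_signature_body(body):
    """Extract version, signature type, public-key and hash algorithm from a signature packet body."""
    version = body[0]
    if version == 3:
        # v3 layout: version, hashed-material length (always 5), sig type,
        # creation time (4), issuer key id (8), pk algo, hash algo, left16, MPIs
        if body[1] != 5:
            raise ValueError("malformed v3 signature: hashed length must be 5")
        sig_type, pk_algo, hash_algo = body[2], body[15], body[16]
    elif version == 4:
        # v4 layout: version, sig type, pk algo, hash algo, hashed subpackets, ...
        sig_type, pk_algo, hash_algo = body[1], body[2], body[3]
    else:
        raise ValueError(f"unsupported signature version {version}")
    return {
        "version": version,
        "sig_type": sig_type,
        "pk_algo": pk_algo,
        "hash_algo": hash_algo,
        "hash_name": HASH_NAMES.get(hash_algo, f"unknown({hash_algo})"),
        "weak_hash": hash_algo in WEAK_HASHES,
    }


def scan_signatures(blob):
    """Walk a concatenation of old-format packets and report every signature packet found."""
    findings = []
    pos = 0
    while pos < len(blob):
        tag, start, length = parse_old_header(blob, pos)
        if tag == SIGNATURE_TAG:
            findings.append(parse_signature_body(blob[start:start + length]))
        pos = start + length
    return findings


# --- constructed sample packets (dummy key id and MPI; they would not verify) ---
DUMMY_KEYID = b"\x00" * 8
DUMMY_MPI = b"\x00\x08\x80"            # one 8-bit MPI holding the value 0x80
CTIME = struct.pack(">I", 1003900000)  # arbitrary creation time


def build_v3_sig(sig_type, pk_algo, hash_algo):
    body = (bytes([3, 5, sig_type]) + CTIME + DUMMY_KEYID
            + bytes([pk_algo, hash_algo]) + b"\x12\x34" + DUMMY_MPI)
    return bytes([0x80 | (SIGNATURE_TAG << 2), len(body)]) + body


def build_v4_sig(sig_type, pk_algo, hash_algo):
    hashed = b"\x05\x02" + CTIME          # subpacket: len 5, type 2 (creation time)
    unhashed = b"\x09\x10" + DUMMY_KEYID  # subpacket: len 9, type 16 (issuer key id)
    body = (bytes([4, sig_type, pk_algo, hash_algo])
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x12\x34" + DUMMY_MPI)
    return bytes([0x80 | (SIGNATURE_TAG << 2), len(body)]) + body


if __name__ == "__main__":
    # A v3 RSA certification using MD5 next to a v4 one using SHA-1
    # (sig type 0x10 = generic certification, pk algo 1 = RSA)
    sample = build_v3_sig(0x10, 1, 1) + build_v4_sig(0x10, 1, 2)
    for f in scan_signatures(sample):
        flag = "WEAK" if f["weak_hash"] else "ok"
        print(f"v{f['version']} sig type 0x{f['sig_type']:02x} hash {f['hash_name']}: {flag}")
```

Run it directly to see the MD5-hashed v3 certification flagged and the SHA-1 v4 one passed; `scan_signatures` can be pointed at any blob of old-format packets (a dearmored key block, for instance) to list which key signatures still rely on MD5.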