Key version games (was Re: problem with exporting subkeys)
David Shaw
dshaw@jabberwocky.com
Sat Mar 2 15:20:02 2002
On Sat, Mar 02, 2002 at 11:45:52AM +0200, disastry@saiknes.lv.NO.SPaM.NET wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> David Shaw dshaw@jabberwocky.com wrote:
> > > Florian, this can give you the unchangeable expiration date that you
> > > wanted, if you're willing to accept the restrictions (RSA only, etc.)
> > > on v3 keys :)
> >
> > as well as easy to fake keyIDs.
>
> Yeah, and the MD5-only restriction if you use it for signing. :/
> David
>
> not true. there is no such restriction. you can use any hash and cipher.
Oops, you're right. I was thinking in terms of backwards
compatibility to PGP2 (yes I know there are a whole handful of
modified versions that allow other hashes, but vanilla MIT PGP 2 does
not), but used as a subkey on a OpenPGP key any OpenPGP hash is fine.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson