Key version games (was Re: problem with exporting subkeys)
disastry@saiknes.lv.NO.SPaM.NET
Sat Mar 2 16:18:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
David Shaw dshaw@jabberwocky.com wrote:
>
> On Sat, Mar 02, 2002 at 11:45:52AM +0200, disastry@saiknes.lv.NO.SPaM.NET wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: RIPEMD160
> >
> > David Shaw dshaw@jabberwocky.com wrote:
> > > > Florian, this can give you the unchangeable expiration date that you
> > > > wanted, if you're willing to accept the restrictions (RSA only, etc.)
> > > > on v3 keys :)
> > >
> > > as well as easy to fake keyIDs.
> >
> > Yeah, and the MD5-only restriction if you use it for signing. :/
> > David
> >
> > not true. there is no such restriction. you can use any hash and cipher.
>
> Oops, you're right. I was thinking in terms of backwards
> compatibility to PGP2 (yes I know there are a whole handful of
> modified versions that allow other hashes, but vanilla MIT PGP 2 does
> not), but used as a subkey on an OpenPGP key any OpenPGP hash is fine.
> David
:)
btw, if we talk about subkeys, fake keyIDs are not a problem
for subkeys at all, it's only a problem for master keys.
of course one can generate a key with the same keyId
as your subkey, but it is unusable anyway :)
__
Disastry http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1
iQA/AwUBPIDQRDBaTVEuJQxkEQOvDACgi8RjJxRB59amfeEoNbui0ReHeoIAnjoU
9o2wu7k8dBiiAZa0HiM9P1/4
=LJG5
-----END PGP SIGNATURE-----
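
Added example, not part of the original message: a sketch of how v3 and v4 OpenPGP key IDs are derived under the RFC 4880 rules, showing why a v3 key ID does not bind to the whole key and why a key should be matched on its full fingerprint. The function names and the two integers are constructed for illustration; the integers are not real RSA moduli.

```python
import hashlib
import struct

def _raw(n: int) -> bytes:
    """Big-endian magnitude of n with no length prefix."""
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def _mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-byte bit count followed by the magnitude."""
    return struct.pack(">H", n.bit_length()) + _raw(n)

def v3_key_id(n: int) -> str:
    """v3: the key ID is simply the low 64 bits of the RSA modulus."""
    return f"{n & 0xFFFFFFFFFFFFFFFF:016X}"

def v3_fingerprint(n: int, e: int) -> str:
    """v3: MD5 over the modulus and exponent bytes (no MPI headers)."""
    return hashlib.md5(_raw(n) + _raw(e)).hexdigest().upper()

def v4_fingerprint(created: int, n: int, e: int) -> str:
    """v4: SHA-1 over 0x99, a 2-byte length and the public-key packet body."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + _mpi(n) + _mpi(e)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def v4_key_id(created: int, n: int, e: int) -> str:
    """v4: the key ID is the low 64 bits of the fingerprint."""
    return v4_fingerprint(created, n, e)[-16:]

# Constructed sample values: two different integers sharing their low 64 bits.
N_A = 0xD1CEB00C0000000000000001A1B2C3D4E5F60789
N_B = 0xFEEDFACE0000000000000003A1B2C3D4E5F60789
E = 65537
CREATED = 1015000000  # constructed creation timestamp

def same_key(fpr_a: str, fpr_b: str) -> bool:
    """Match keys on the full fingerprint, never on the key ID alone."""
    return fpr_a == fpr_b

if __name__ == "__main__":
    print("v3 key IDs:", v3_key_id(N_A), v3_key_id(N_B))
    print("v3 fingerprints:", v3_fingerprint(N_A, E), v3_fingerprint(N_B, E))
    print("v4 key IDs:", v4_key_id(CREATED, N_A, E), v4_key_id(CREATED, N_B, E))
```
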