Key version games (was Re: problem with exporting subkeys)

disastry@saiknes.lv.NO.SPaM.NET disastry@saiknes.lv.NO.SPaM.NET
Sat Mar 2 16:18:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

David Shaw dshaw@jabberwocky.com wrote:
> 
> On Sat, Mar 02, 2002 at 11:45:52AM +0200, disastry@saiknes.lv.NO.SPaM.NET wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: RIPEMD160
> > 
> > David Shaw dshaw@jabberwocky.com wrote:
> > > > Florian, this can give you the unchangeable expiration date that you
> > > > wanted, if you're willing to accept the restrictions (RSA only, etc.)
> > > > on v3 keys :)
> > > 
> > > as well as easy to fake keyIDs.
> > 
> > Yeah, and the MD5-only restriction if you use it for signing. :/
> > David
> > 
> > not true. there is no such restriction. you can use any hash and cipher.
> 
> Oops, you're right.  I was thinking in terms of backwards
> compatibility to PGP2 (yes I know there are a whole handful of
> modified versions that allow other hashes, but vanilla MIT PGP 2 does
> not), but used as a subkey on a OpenPGP key any OpenPGP hash is fine.
> David

:)

btw, if we talk about subkeys, fake keyIDs is not a problem
for subkeys at all, it's only problem for master keys.

of course one can generate key with th same keyId
as yours subkey, but it is unusable anyway :)

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPIDQRDBaTVEuJQxkEQOvDACgi8RjJxRB59amfeEoNbui0ReHeoIAnjoU
9o2wu7k8dBiiAZa0HiM9P1/4
=LJG5
-----END PGP SIGNATURE-----