re-issuing subkey binding signatures with alternate digests

David Shaw dshaw at
Tue May 5 04:18:39 CEST 2009

On May 4, 2009, at 6:52 PM, Daniel Kahn Gillmor wrote:

> On 05/04/2009 03:21 PM, David Shaw wrote:
>> Are there many subkey binding signatures using MD5?  Talking about
>> subkeys at all means we're talking about something closer to OpenPGP,
>> which implies SHA-1 to me.
> I have no idea how many there are, actually.  But if it makes more
> sense, imagine planning against the SHA-1 weaknesses instead, a few
> years down the road.  As people start to jump ship from SHA-1 by
> explicitly distrusting all signatures made under that hash, your old
> SHA-1 subkey binding will become suspect, even if your key doesn't  
> need
> to be revoked.

There are currently no means to do this with GPG (or other OpenPGP  
programs, so far as I know).  The generally accepted way to deal with  
this sort of problem is to make a new subkey.  After all, you would  
have to re-distribute your key to give everyone the new binding  
signature anyway, so you may as well distribute a new subkey.  Subkeys  
are very cheap.


More information about the Gnupg-devel mailing list