[PATCH] Make update_keysig_packet honour cert-digest-algo

David Shaw dshaw at jabberwocky.com
Wed May 13 05:04:56 CEST 2009

On May 12, 2009, at 4:05 PM, Daniel Kahn Gillmor wrote:
> So how do you suggest we prepare for this transition?

By not assuming things.  We don't know the details.  What we don't  
know is much greater than what we do know.

Do you know what doubling signatures will do for the various currently
deployed OpenPGP clients out there?  Will they all do the right
thing?  How many will break?  It's not enough to test against yourself
here - from your blog posting, I understand you are communicating
mainly with Debian developers, virtually all of whom are running a
somewhat recent version of GPG.

And all this before the paper describing the attack is even  
published!  Do we know the details of the attack?  No.  Do we know if  
the attack works against SHA-2?  It might - both SHA-1 and the SHA-2  
family share the same basic construction.  Does the extra size of  
SHA-2 give enough buffer to avoid the attack?  Probably, but we don't  
know yet.  Are we safe until SHA-3 is ready?  Maybe, maybe not.  We've  
only seen a few powerpoint slides.

Have you ever heard the old trope "Something must be done.  This is  
something.  Therefore, this must be done"?  This is a bit like that.
Coming up with a defense against what we *think* the attack is is a  
dicey business, especially when we can wait just a little while for  
the paper to be published and then we can come up with a defense  
against what we *know* the attack is.  No matter what the attack turns  
out to be, I feel confident in saying that we are at least safe until  
the paper appears.


More information about the Gnupg-devel mailing list