[PATCH] Make update_keysig_packet honour cert-digest-algo
dshaw at jabberwocky.com
Wed May 13 05:04:56 CEST 2009
On May 12, 2009, at 4:05 PM, Daniel Kahn Gillmor wrote:
> So how do you suggest we prepare for this transition?
By not assuming things. We don't know the details. What we don't
know is much greater than what we do know.
Do you know what doubling signatures with do for the various currently
deployed OpenPGP clients out there? Will they all do the right
thing? How many will break? It's not enough to test against yourself
here - from your blog posting, I understand you are communicating
mainly with Debian developers, virtually all of which are running a
somewhat recent version of GPG.
And all this before the paper describing the attack is even
published! Do we know the details of the attack? No. Do we know if
the attack works against SHA-2? It might - both SHA-1 and the SHA-2
family share the same basic construction. Does the extra size of
SHA-2 give enough buffer to avoid the attack? Probably, but we don't
know yet. Are we safe until SHA-3 is ready? Maybe, maybe not. We've
only seen a few powerpoint slides.
Have you ever heard the old trope "Something must be done. This is
something. Therefore, this must be done" ? This is a bit like that.
Coming up with a defense against what we *think* the attack is is a
dicey business, especially when we can wait just a little while for
the paper to be published and then we can come up with a defense
against what we *know* the attack is. No matter what the attack turns
out to be, I feel confident in saying that we are at least safe until
the paper appears.
More information about the Gnupg-devel