laying groundwork for an eventual migration away from SHA1 with gpg

Nicholas Cole nicholas.cole at
Thu May 21 12:32:14 CEST 2009

On Thu, May 14, 2009 at 2:46 PM, Micah Anderson <micah at> wrote:
> David Shaw <dshaw at> writes:
>> I don't mean there are faster/easier/cheaper ways of doing this
>> mathematically.  I mean boring old subterfuge like going to a
>> keysigning party with a fake ID, claiming to be someone else.  I get a
>> bunch of signatures, and I'm done.  It skips the whole difficult math
>> problem.
>>
>> I'm all for strong crypto protection against impersonation, but when
>> there is a non-crypto impersonation attack that has essentially the
>> same end result as a crypto impersonation attack, and the non-crypto
>> variant of the attack is vastly cheaper, faster, and easier than the
>> crypto attack, I do start to wonder what the point is of putting a
>> strong crypto defense against the crypto attack.

I've never quite understood "Key Signing Parties" for this reason.  It
seems to me that OpenPGP and its web of trust provide an excellent way
to represent technically and securely trust relationships that already
exist.  You can't use OpenPGP to create trust that doesn't exist
outside the system.



More information about the Gnupg-devel mailing list