SHA3 IANA registration - method?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Dec 17 15:23:44 CET 2012
On 12/17/2012 02:28 AM, Andrey Jivsov wrote:
> Now my denial of the signature looks convincing: the fingerprint is
> correct and is exactly the one that was on my page at the alleged time
> of signing, but the signature doesn't verify. I hire 3d party experts to
> record the current state of things and will rely on their statement for
> the repudiation.
> ( Of course the accuser forgot to cache my old key. )
I'm unconvinced of this as a realistic threat. For one thing, all
OpenPGP implementations i've seen cache keys by default.
For another thing, if all the stars are aligned as you suggest, then all
i need to do to repudiate it is simply remove the key in the first
place. No key, no verification.
So if we are to consider this a vulnerability, i don't think it is a
problem that is solved by a more-collision-resistant fingerprint.
So i'm still left with the sense that OpenPGP's key fingerprint
mechanism is reliant on resistance to a pre-image attack, and is *not*
concerned with its collision resistance.
More information about the Gnupg-devel