SHA3 IANA registration - method?

Daniel Kahn Gillmor dkg at
Mon Dec 17 15:23:44 CET 2012

On 12/17/2012 02:28 AM, Andrey Jivsov wrote:
> Now my denial of the signature looks convincing: the fingerprint is
> correct and is exactly the one that was on my page at the alleged time
> of signing, but the signature doesn't verify. I hire 3d party experts to
> record the current state of things and will rely on their statement for
> the repudiation.
> ( Of course the accuser forgot to cache my old key. )

I'm unconvinced of this as a realistic threat.  For one thing, all
OpenPGP implementations i've seen cache keys by default.

For another thing, if all the stars are aligned as you suggest, then all
i need to do to repudiate it is simply remove the key in the first
place.  No key, no verification.

So if we are to consider this a vulnerability, i don't think it is a
problem that is solved by a more-collision-resistant fingerprint.

So i'm still left with the sense that OpenPGP's key fingerprint
mechanism is reliant on resistance to a pre-image attack, and is *not*
concerned with its collision resistance.


More information about the Gnupg-devel mailing list