Does GNUPG have the PGP ADK weakness?
Werner Koch
wk@gnupg.org
Mon, 28 Aug 2000 11:09:20 +0200
On Mon, 28 Aug 2000, Huels, Ralf KSV wrote:
> Ralf´s statement that GnuPG is vulnerable seems to be based on the fact
> that keys generated by GnuPG can be modified by an attacker to contain
> an unwanted ADK. No user of GnuPG will have a problem with that as GnuPG
You can't distinguis a GnuPG created key from a key generated by an
other implemenation. OpenPGP demands the use of v4 signatures because
they have a lot of advantages.
BTW, thre are other tools to generate v4 keys and signatures aside
from GnuPG or NAI.
Werner
--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org