Does GNUPG have the PGP ADK weakness?

Huels, Ralf KSV Ralf.Huels@schufa.de
28 Aug 2000 14:17:14 +0200 


>  HRK> However, the fact remains that "broken" PGP (or other s/w) versions

>  HRK> are going to remain out there. I think it´s ok to point out that 

>  HRK> PGP (< 6.5.8) users are not safe from the bug when encrypting to

>  GnuPG 

>  HRK> users. 

> 

> Certainly, but it's not OK to say that GnuPG is also affected and people

> shouldn't be using it anymore. But that is what Ralf S. did ..


Umm. Not exactly:


| So if you want to get rid of ADKs as much as possible, you are well 

| advised to use PGP-Classic, PGP-2.6.x, the only PGP which guarantees

| that only Version-3-signatures are made and which rejects DH-keys and 

| RSA-keys in Version-4-format. 

|

| You should use GnuPG as an analysis-tool to check which packets a key

| or cryptogram consists of. And you can use newer PGP versions or GnuPG

| to check the validity of signatures on messages which have been made 

| with V4-keys by others. 


Ralf says that people who want to make sure should avoid v4 sigs. The
safest way to do that is to use software that only uses v3 sigs. 
In fact he recommends GnuPG as an analysis tool.

I do think, however, that Ralf´s criticism of the CERT advisory (as quoted 
in http://home.kamp.net/home/kai.raven/news/frame2000q3.html) suffers
from some of the same misunderstandings that have troubled the entire 
debate.
The way I understand the advisory, they perceive only the actual _use_ 
of illicit ADKs as the problem, while Ralf takes the mere fact that keys 
can be modified as the problem. For instance CERT calls keys that don´t
have ADKs when added to the key ring "not vulnerable" (presumbly because
they obviously don´t have an illicit ADK), while Ralf disagrees (because 
ADKs might be added later). 
I guess it all depends on whether you emphasize on the key itself or on 
the software that uses it. 
I think in that respect Ralf´s criticism is too harsh. If all software
products used only hashed parts of the key, there wouldn´t be a problem.

Tschüß,
Ralf

-- 
Ralf Hüls                                                  Bismarckplatz
KSV Kreditschutz-Vereinigung GmbH                           44866 Bochum
Score-Consult                                         Tel. 02327/9114-28
http://www.schufa.de/                                 Fax. 02327/8 40 27


 

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org