duplicate keyid survey results

V Alex Brennen vab@cryptnet.net
Sun Mar 10 18:54:01 2002

On Sat, 9 Mar 2002, Hironobu SUZUKI wrote:

> > If you don't think this is the right way to go, what do you suggest
> > as an alternative?  I think a warning is fine, but not returning one
> > of the keys leaves the keyserver open for a denial of service
> > attack.
> I'd like to return only "Found duplicate keys" status to client. If
> keyserver returns all of duplicate key contents to client, it can be
> used another DoS attack.

I don't believe this is true.  While the potential to create 32 bit 
key id collisions easily exists in v3, it is a hard problem in v4
because the v4 keyid (both 32 and 64 bit) are part of the fingerprint
which in v4 is the SHA160 hash of the key material. So, the problem 
of generating fake keys with a given keyid in v4 is the problem of 
looking for SHA1 partial collisions.

While partial collisions will occur as the number of keys grows, it 
will not be growing fast enough to result in an inability to retrieve
all keys with a given 32bit ID from a server for many decades (even
if you dedicate a machine to generating PGP keys and sending them to
my key server). 

	- VAB
V. Alex Brennen
Senior Systems Engineer
IBM Certified Specialist
IBM Business Partner
Bus: 352.246.8553
Fax: 770.216.1877