Use other hash than SHA-1

Christoph Anton Mitterer christoph.anton.mitterer at physik.uni-muenchen.de
Tue May 5 23:21:14 CEST 2009


On Mon, 2009-05-04 at 23:46 -0400, David Shaw wrote:
> I believe that's it.  Fingerprints, revocation signatures (which use  
> fingerprints internally), and the MDC.


> While I would start (did start, actually, a few years ago) using  
> SHA-256 to certify other people's keys, I wouldn't bother re-issuing  
> older SHA-1 certifications.
> 
> Re-issuing your self-sigs is more or less harmless.  The keyservers  
> never delete anything, so they'll end up with both the old and new.   
I'm not sure if this leads to the same discussion that we had some time
ago on the WG-list (about explicitly revoking previous self-sigs)... but
if a key has self-sigs with different hash algos... does this "allow"
downgrade attacks or the like?


> Assuming all works properly, the newer clients should end up using the  
> newer selfsig, and the older clients should keep using the old one (as  
> they won't be able to verify the new one).
Even when they see that the self-sig with the "better" algo has a
newer creation date?
I would consider this critical :/


Best wishes,
Chris.
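The self-sig selection rule described in the quoted reply (newest self-signature the client can verify wins), modelled as an added example that is not part of this thread or of GnuPG; the key, signature dates and client capability sets are constructed for illustration:

```python
# Added example (not from the thread or GnuPG): a minimal model of how an
# OpenPGP client picks among several self-signatures on one key, as the
# quoted reply describes. Names, dates and client profiles are assumptions.
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class SelfSig:
    hash_algo: str      # hash algorithm the signature was made with
    created: date       # signature creation time
    valid: bool = True  # assume the signature verifies when its hash is supported

def usable(sig, supported_hashes):
    """A client can rely only on a self-sig whose hash it implements and which verifies."""
    return sig.hash_algo in supported_hashes and sig.valid

def choose_selfsig(sigs, supported_hashes):
    """Newest self-sig this client can verify, or None if it can verify none."""
    candidates = [s for s in sigs if usable(s, supported_hashes)]
    return max(candidates, key=lambda s: s.created, default=None)

def chosen_hash(sigs, supported_hashes):
    """Hash algorithm of the self-sig the client settles on (None if none usable)."""
    sig = choose_selfsig(sigs, supported_hashes)
    return None if sig is None else sig.hash_algo

# Constructed sample: original SHA-1 self-sig and a later re-issued SHA-256 self-sig.
OLD_SIG = SelfSig("SHA1", date(2005, 3, 1))
NEW_SIG = SelfSig("SHA256", date(2009, 5, 4))
KEY_SELFSIGS = [OLD_SIG, NEW_SIG]
LEGACY_CLIENT = {"SHA1"}             # assumed: implementation without SHA-2 support
MODERN_CLIENT = {"SHA1", "SHA256"}

def demo():
    """Which self-sig each client ends up using in the cases the thread discusses."""
    return {
        # keyserver copy carries both sigs: the modern client takes the newer SHA-256 one
        "modern_both": chosen_hash(KEY_SELFSIGS, MODERN_CLIENT),
        # the legacy client cannot verify SHA-256, so it keeps using the SHA-1 self-sig
        "legacy_both": chosen_hash(KEY_SELFSIGS, LEGACY_CLIENT),
        # a copy of the key lacking the newer self-sig: even the modern client falls
        # back to the SHA-1 one, which is the "downgrade" question raised in the mail
        "modern_old_only": chosen_hash([OLD_SIG], MODERN_CLIENT),
    }

if __name__ == "__main__":
    for case, algo in demo().items():
        print(f"{case}: {algo}")
```

The third case shows why the question in the mail matters: the newer self-sig only helps a client that actually receives it, while an old, still-valid SHA-1 self-sig remains acceptable on its own.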