Use other hash than SHA-1
dshaw at jabberwocky.com
Wed May 6 04:16:17 CEST 2009
On May 5, 2009, at 5:21 PM, Christoph Anton Mitterer wrote:
> On Mon, 2009-05-04 at 23:46 -0400, David Shaw wrote:
>> Re-issuing your self-sigs is more or less harmless. The keyservers
>> never delete anything, so they'll end up with both the old and new.
> I'm not sure if this leads to the same discussion that we had some
> ago on the WG-list (about explicitly revoking previous self-sigs),...
> but if a key has self-sigs with different hash-algos,... does this
> "allow" downgrad-attacks or that like?
It depends on the attack. What is the attack you are concerned about?
>> Assuming all works properly, the newer clients should end up using
>> newer selfsig, and the older clients should keep using the old one
>> they won't be able to verify the new one).
> Even when they see, that the self-sig with the "better" algo, has a
> newer creation date?
> Would consider this critical :/
They mustn't do this. They can't, really. It would enable a pretty
trivial DoS if I could make up a bogus self-sig with some hash number
that isn't even allocated yet, but a later date, and send it to a
keyserver to be attached to my victim key. GPG must treat any
signature that does not verify as irrelevant.
More information about the Gnupg-users