howto secure older keys after the recent attacks
Christoph Anton Mitterer
christoph.anton.mitterer at physik.uni-muenchen.de
Fri Sep 11 00:32:58 CEST 2009
Hi Robert.
On Thu, 2009-09-10 at 10:54 -0400, Robert J. Hansen wrote:
> Nope, it's pretty pervasive in the system.
I thought it (and SHA1 fingerprints) would only be used in designated
revoker signatures, and MDC?
> The people behind OpenPGP are working on a new OpenPGP proposal that
> will use a stronger, better hash algorithm.
Have workings on an 4880 successor already started?
Perhaps some of you (David?) remember the discussion that took place
here and on the WG list some time ago about things like:
- how criticality and critical bit could be handled much stricter
- potential problems that arise because conforming implementation are
only recommended to ignore signatures of an older time (especially
self-sigs).
- some other places where OpenPGP could (and for security reasons
perhaps should) be more strict and demanding to (conforming)
implementations
- Ideas for much broader use of attributes (different types of names,
birth-dates, -places, sex, etc. etc.)
So I wonder who's doing the (main) work for the writing this time? And
is there perhaps a wiki or so, where one could collect such suggestions?
Sincerely,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: </pipermail/attachments/20090911/25f60f4f/attachment.bin>
More information about the Gnupg-users
mailing list