howto secure older keys after the recent attacks
David Shaw
dshaw at jabberwocky.com
Fri Sep 11 04:46:34 CEST 2009
On Sep 10, 2009, at 6:32 PM, Christoph Anton Mitterer wrote:
>> The people behind OpenPGP are working on a new OpenPGP proposal that
>> will use a stronger, better hash algorithm.
> Has work on a 4880 successor already started?
No, at this point things are mainly being proposed as *additions* to
4880. The first of these to reach completion is RFC-5581, which added
the Camellia cipher to OpenPGP (it's in 1.4.10, incidentally, but you
need to opt in by adding it to your key prefs before it will be
used). Another addition would be ECC support, or the SHA-1-free key
format.
> Perhaps some of you (David?) remember the discussion that took place
> here and on the WG list some time ago about things like:
> - how criticality and the critical bit could be handled much more strictly
> - potential problems that arise because conforming implementations are
> only recommended to ignore signatures of an older time (especially
> self-sigs).
> - some other places where OpenPGP could (and for security reasons
> perhaps should) be more strict and demanding to (conforming)
> implementations
> - Ideas for much broader use of attributes (different types of names,
> birth-dates, -places, sex, etc. etc.)
>
> So I wonder who's doing the (main) work for the writing this time? And
> is there perhaps a wiki or so, where one could collect such
> suggestions?
The place for all such suggestions is the IETF OpenPGP working group: http://www.imc.org/ietf-openpgp/
David