ietf-openpgp

Re: DEADBEEF vs SHA1

2011-02-17 18:42:28
On 02/18/2011 12:56 AM, Ian G wrote:
> * typically, people have expected things like digital signatures
>   masquerading as human signatures to survive a long time.
> * some standards require 30 years of technology lifetime.

Actually, these two can be addressed while still doing away with V3 key
format. Since V3 signatures can be generated by V4 keys and the keyID in
V3 signatures is not part of the hashed material, one can re-package the
V3 key in V4 format and change the keyID part in the signature, while
still keeping the whole thing valid, without access to the private key.

The only thing missing would be the self-signature of the key, but that
is a minor compromise in the face of things like keyserver poisoning.

IMHO, of course.

-- 
Daniel A. Nagy
ePoint Systems Ltd.

Attachment: signature.asc
Description: OpenPGP digital signature
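
The property described in the message above, as an added example that is not part of the original post: in a V3 signature packet only the signature type and creation time are hashed, so the key ID field can be replaced with the V4 key ID of the re-packaged key without changing the digest the signature covers. Packet layouts follow RFC 4880 (sections 5.2.2, 5.5.2 and 12.2); the key, document and signature MPI are constructed sample values, and the code compares digests rather than performing RSA verification.

```python
import hashlib
import struct

HASHES = {1: hashlib.md5, 2: hashlib.sha1, 8: hashlib.sha256}  # RFC 4880 hash IDs

def parse_v3_sig(body: bytes) -> dict:
    """Split a V3 signature packet body (RFC 4880, section 5.2.2)."""
    if len(body) < 19 or body[0] != 3 or body[1] != 5:
        raise ValueError("not a V3 signature packet body")
    return {"hashed": body[2:7],   # signature type + creation time
            "key_id": body[7:15],  # sits outside the hashed material
            "hash_algo": body[16], "left16": body[17:19]}

def v3_digest(document: bytes, body: bytes) -> bytes:
    """Digest the signature covers: the document, then the 5 hashed octets."""
    sig = parse_v3_sig(body)
    return HASHES[sig["hash_algo"]](document + sig["hashed"]).digest()

def v3_key_to_v4(key: bytes) -> bytes:
    """Re-package a V3 public key body as V4 by dropping the validity field."""
    if key[0] != 3:
        raise ValueError("not a V3 key packet body")
    return b"\x04" + key[1:5] + key[7:]

def v3_key_id(key: bytes) -> bytes:
    """V3 key ID: low 64 bits of the RSA modulus (the first MPI)."""
    (bits,) = struct.unpack(">H", key[8:10])
    return key[10:10 + (bits + 7) // 8][-8:]

def v4_key_id(key: bytes) -> bytes:
    """V4 key ID: low 64 bits of SHA-1(0x99 || 2-octet length || key body)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key)) + key).digest()[-8:]

def rewrite_key_id(body: bytes, key_id: bytes) -> bytes:
    """Swap the 8-octet key ID; all other octets of the signature are kept."""
    parse_v3_sig(body)
    if len(key_id) != 8:
        raise ValueError("key ID must be 8 octets")
    return body[:7] + key_id + body[15:]

# Constructed sample data: toy modulus, placeholder signature MPI (not real RSA).
DOCUMENT = b"constructed sample document\n"
CREATED = struct.pack(">I", 1000000000)
MODULUS = bytes(range(0x80, 0x90))  # 128-bit toy value
V3_KEY = (b"\x03" + CREATED + b"\x00\x00\x01" + struct.pack(">H", 128) + MODULUS
          + struct.pack(">H", 17) + b"\x01\x00\x01")
V3_SIG = (b"\x03\x05\x00" + CREATED + v3_key_id(V3_KEY) + b"\x01\x02"
          + hashlib.sha1(DOCUMENT + b"\x00" + CREATED).digest()[:2] + b"\x00\x08\xff")
REPACKAGED_SIG = rewrite_key_id(V3_SIG, v4_key_id(v3_key_to_v4(V3_KEY)))
```
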
