Re: PGP evolving, improving
1997-11-24 16:22:58
Uri Blumenthal wrote:
Adam Back says:
b. There have been no practical cases of signature spoofing with MD5--it hasn't been broken.
I agree, in the general case it has not. I'll discuss a better user migration path below.
Excuse me, gentlemen, were there any practical cases of signature spoofing with MD4? Also, since this is an IETF forum, let me remind you, that the official IETF security guideline is: "For all the new standards MD5 shall not be used - but SHA-1". Of course, Security Area folks don't have the depth of knowledge that David has been exhibiting on the Net for quite a while (:-).
Your gratuitous slam comes with ill grace from someone who apparently doesn't understand the meaning of "for all the new standards". We were talking about PGP's pulling RSA key generation from free PGP 5.0, and pulling RSA entirely from free PGP 5.5.2, neither of which is a new IETF standard or even a standard in work. What is more, they didn't pull it from pay PGP 5.0 at the same time, so your argument fails doubly.
However, as an algorithm starts showing cracks, a cryptographer with brains replaces it before the "practical" cases start piling up. For a commercial product to get into such a situation would mean death, I think (unless you are Micro$oft, of course :-).
They didn't replace it in pay PGP 5.0.
c. PGP Inc. has made no attempt to remove MD5 in pay PGP 5.0
It is possible that Will was talking about the fingerprint spoofing attack, which you are probably aware of. This flaw is nothing to do with MD5 or RSA per se, but more to do with a flaw introduced in the way that the fingerprint is calculated in pgp2.x.
It was possibly to ease the upgrade path for paying customers. Like: "Yes, we strongly suggest you move to SHA-1, but to make sure your traffic isn't interrupted, here's 'bilingual' PGP for you."
And free PGP users didn't deserve an eased upgrade path, but rather to forcibly obsolete all their keys, signatures and web of trust in the new version? Especially since the RSA-key Free PGP user base is where PGP Inc. made their reputation and the size of that base is constantly cited to the IETF and in press releases as PGP's "customer base". Don't be ridiculous. And watch who you throw stones at--can you say "glass house"?
David