ietf-openpgp
[Top] [All Lists]

Re: critical bit (5.2.3.1)

1998-09-30 08:58:36
Hal Finney <hal(_at_)rain(_dot_)org> writes:

If an attacker tries to make a signature invalid by adding an unhashed
packet with the critical bit set, he could have just as easily modified
some part of the hashed region, or the signature itself.

I thought about it while working on the import stuff; but you are
right it doesn't matter whether the critical bit is in the hashed or
unhashed region.  

Thanks,

  Werner


<Prev in Thread] Current Thread [Next in Thread>