[Top] [All Lists]

Re: Whither comment packets?

2002-04-18 11:57:42

I don't find it makes a lot of sense either.

Key size reduction is anyway easy to do whatever the packet formats --
from the cryptography directly: generate weak key-pairs, or weak
symmetric keys, or trap-door weak keys (weak if you know some secret
strong otherwise) etc.  There have been a number of papers about how
to do this and how to do it well.


On Thu, Apr 18, 2002 at 07:53:04PM +0200, Werner Koch wrote:

On Thu, 18 Apr 2002 10:12:28 -0700, Jon Callas said:

Yes, it was seen to be a security problem. An evil implementation could leak
things (like your keys) there, or use it as a way to do key-size reduction.

Not very convincing; I'd put it into the unhashed area of signature
packets ;-)


<Prev in Thread] Current Thread [Next in Thread>