On Monday 22 December 2003 11:38, aboietf(_at_)redtenbacher(_dot_)de wrote:
The German company "Robert Bosch GmbH" introduced a PKI on the basis
of a product called "Secure e-mail iT_SEC_outlook". This product uses
old-style V3 RSA keys that are created by the "trust center" of
the company for every user and are signed on creation by the trust
center key. The unusual aspect now is that only the "trust center key"
has a self-signature. All normal user keys have no self-signature but
only the trust center signature on them.
[...]
(1) Are such keys a security problem?
The key material in itself should be pretty secure. The signature also should
be ok, as long as it stays valid.
I personally would not use V3-keys for another reason: you can change the
creation date of the key without changing the keyID and fingerprint. This
means you can easily invalidate the signature without changing the main
identifiers of the key (key material, keyID, fingerprint). It can be very
annoying to try to verify a key that seemingly is the correct one, but has
been altered enough to make the signature invalid(*). V4 keys change their ID
and fingerprint whenever you change ANY bit in the public part of the key.
(*)Assuming that PGP2.x does verify the creation date of the key versus the
creation date of the signature. This is the only part that invalidates the
signature.
Konrad
pgpFDr7kQu8Wr.pgp
Description: signature