[Top] [All Lists]

Re: Hash Collision Shield (subpacket def)

2005-02-17 10:17:37

On Thu, Feb 17, 2005 at 05:46:29PM +0100, Rick van Rein wrote:


It's a bit of a long stretch perhaps...  but it is probably the simplest
thing we can do, and it is completely backward compatible.  Suggested
text fragments follow.

The problem of the fingerprints and other hard-coded SHA1 apps are not
solved by this, of course.

Should we add a remark about subliminal channels caused by incorporating
random bytes?

I think we should not do this for several reasons, but those reasons
don't matter much: we already have signature notations.  If someone
wants to add arbitrary stuff in the middle of their signatures, they
can do that now.