On Tuesday 31 May 2005 09:52, Konrad Rosenbaum wrote:
Ben Laurie said:
As I have previously stated, my keyring contains Elgamal signatures. I'm
sure I'm not alone in this. I want to be able to check them. I think its
fine to deprecate them, but refusing to describe them is just annoying.
As far as I recall it is PKCS#1-v1.5 - just like RSA.
However, these signatures are not worth anything, since they leak the key
and are easily forgable after the first signature. So bothering with
verifying them is nonsense in my opinion. Cryptographically an Elgamal
signature on something tells you as much about that something as a coffee
stain on a printout of it.
If they are as dangerous as you say - "leak the key" and "forgeable" -
then perhaps they should be more than deprecated, they should be
marked as "SHOULD NOT be verified and should be marked in some
negative fashion to indicate broken tech to the user" ?
Just because something exists is not a sufficient argument for including
it in the ID. If we are of the opinion that something should not be
done and not be promulgated then leaving it out and marking the
allocated numbers as "reserved" should be sufficient. A standard is
a document describing what we want people to do, not what we want
people not to do.
iang
--
Advances in Financial Cryptography:
https://www.financialcryptography.com/mt/archives/000458.html