On Friday 03 February 2006 17:43, Ian G wrote:
> Ben Laurie wrote:
>> This could be confusing - documents that were signed with a key
>> specified like this could retroactively find themselves predating the
>> key.
>
> Why is this important? The date on the key is
> just "there" and isn't of such strength that it
> should be stressed overly much.

Consequently one would also need to scrap the logic that a signature is
invalid if it predates the key (that's somewhere in RFC2440).
Why not: hash the _complete_ public key packet _as_is_ without any
modifications?
The computational load of hashing a few bytes more and of slicing them first
should be about identical.
It is very easy to implement (read as: fewer potential security holes through
programming mistakes and higher interoperability).
It is much more resistant against upcoming attacks than a selective model.
Konrad
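
The difference between hashing the complete public key packet as-is and hashing a selected subset, as an added example that is not part of the original message. It assumes the existing V4 fingerprint framing (0x99, two-octet length, packet body, SHA-1); the "selective" variant that skips the creation time is a hypothetical stand-in for the model under discussion, and the key material is constructed.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: two-octet bit count, then big-endian value."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def build_key_body(created: int, algo: int, material: bytes) -> bytes:
    """V4 public key packet body: version, creation time, algorithm, key material."""
    return bytes([4]) + struct.pack(">I", created) + bytes([algo]) + material

def _framed_sha1(data: bytes) -> str:
    # V4 fingerprint framing: 0x99, two-octet length, then the data itself.
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(data)) + data).hexdigest()

def fingerprint_as_is(body: bytes) -> str:
    """Hash the complete packet body without any modification."""
    return _framed_sha1(body)

def fingerprint_selective(body: bytes) -> str:
    """Hypothetical selective model: slice out the 4-octet creation time first."""
    return _framed_sha1(body[:1] + body[5:])

# Constructed sample input: toy RSA modulus and exponent, not a real key.
MATERIAL = mpi(0xC0FFEE1234567890ABCDEF) + mpi(65537)
ORIGINAL = build_key_body(1138988580, 1, MATERIAL)
# Same key material with the creation time moved back by one year.
REDATED = build_key_body(1138988580 - 365 * 86400, 1, MATERIAL)

def compare() -> dict:
    """Report which model notices that the creation time was changed."""
    return {
        "as_is_changes": fingerprint_as_is(ORIGINAL) != fingerprint_as_is(REDATED),
        "selective_changes": fingerprint_selective(ORIGINAL) != fingerprint_selective(REDATED),
    }

if __name__ == "__main__":
    print(compare())
```

With the as-is hash, a changed creation time yields a different fingerprint, so the check that a signature must not predate its key stays meaningful; the selective hash cannot tell the two packets apart.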