Re: how close is OpenPGP tied to SHA1

ietf-openpgp

Re: how close is OpenPGP tied to SHA1

2009-02-01 21:08:56

On 02/01/2009 08:24 PM, Peter Thomas wrote:

After reading the whole RFC I've found several places where SHA1 is
given as the only possible algorithm,


This was just discussed on the list last month in a thread titled "A
review of hash function brittleness in OpenPGP":

  http://www.imc.org/ietf-openpgp/mail-archive/msg30323.html

It would be worth reviewing that thread because it contains relevant
discussion.  In short: the fingerprints seem to be the most worrisome
part, and we probably need to think about how to move forward.

Proposals?

        --dkg

signature.asc
Description: OpenPGP digital signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
how close is OpenPGP tied to SHA1, Peter Thomas Re: how close is OpenPGP tied to SHA1, Daniel Kahn Gillmor <= Re: how close is OpenPGP tied to SHA1, John Clizbe Re: how close is OpenPGP tied to SHA1, Peter Thomas Re: how close is OpenPGP tied to SHA1, Daniel Kahn Gillmor Re: how close is OpenPGP tied to SHA1, Peter Thomas Re: how close is OpenPGP tied to SHA1, Ian G Re: how close is OpenPGP tied to SHA1, David Crick Re: how close is OpenPGP tied to SHA1, Peter Thomas Re: how close is OpenPGP tied to SHA1, Jon Callas Re: how close is OpenPGP tied to SHA1, Peter Thomas Re: how close is OpenPGP tied to SHA1, Daniel Kahn Gillmor

Previous by Date:	Re: Do we need to secure our keyservers against kind of DoS Attacks, John Clizbe
Next by Date:	Re: how close is OpenPGP tied to SHA1, John Clizbe
Previous by Thread:	how close is OpenPGP tied to SHA1, Peter Thomas
Next by Thread:	Re: how close is OpenPGP tied to SHA1, John Clizbe
Indexes:	[Date] [Thread] [Top] [All Lists]