On Fri, 14 Mar 2014 14:55, v(_at_)v-yu(_dot_)com said:
A major consideration in the proposed scheme is to make sure that it
is separable; i.e., that different types of existing keys can be used
together without a dedicated setup. In the current scheme, signers are
Old implementations won't be able to handle ring signatures at all. To
use existing keys, users can simply use dedicated subkeys.
able to produce a ring signature without any cooperation or setup from
the other possible signers (as long as they each have an RSA, DSA, or
You better need some setup from the other possible signers: They should
be able to create ring signatures. If you look at a ring signature and
you can figure out that only key has been created with a software
version capable of handling ring signatures it would be easy to single
out who actually did the signature. Unfortunately we can't completely
hide all hints on the software version used. For example analyzing
signed mails from mailing list archives should allow to guess which
software version is used.
Thus, I think it is important to have a new algorithm ID for ring
signatures so that signers are free to mix together different types of
Agreed,
What ECC signing algorithms does the current development version of
GnuPG support?
ECDSA.
EdDSA (Bernstein et al's Schnorr variant) will likely be added soon.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp