On 9/17/2015 at 2:44 PM, "Werner Koch" wrote:
Some people claim that a SHA-1 fingerprint might soon be problematic due
to collision attacks. If we assume that this is indeed the case, the
question is whether switching to SHA-256 for the very same key does
actually help: The mix of different fingerprints for the same key will
lead to the same confusion we have seen with X.509 and ssh. Further, if
there is a need to switch to a stronger fingerprint format for the same
key, should the user not also assume that the use of the key has already
been compromised and it is time to create a new key?
=====
If collision attacks become viable for SHA-1 fingerprints, then they
would probably also become viable for subkeys as well, and it might be
possible for an attacker to generate a subkey with a collision for the
cross-certifying signature, and be able to graft a false subkey onto a
master key with a SHA-1 signature, which would definitely be a key
compromise.

So, yes, it would be reasonable to have a new V5 format for the new
fingerprint.
vedaal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
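The thread turns on what a fingerprint actually hashes and why "the very same key" ends up with two unrelated identifiers once the digest changes. The following Python is an added illustration, not code from either poster or from GnuPG. It builds a constructed RSA Public-Key packet body, computes the v4 fingerprint exactly as RFC 4880 specifies it (SHA-1 over the octet 0x99, a two-octet length and the body), and beside it a SHA-256 fingerprint using the prefix 0x9A and four-octet length that the later draft-ietf-openpgp-rfc4880bis assigned to v5. The v5 body layout is simplified here (it keeps the v4 field order and only bumps the version octet), and the modulus and exponent are small constructed values, not a real key.

```python
import hashlib
import hmac
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI (RFC 4880 section 3.2):
    two-octet bit length followed by the big-endian magnitude."""
    if n == 0:
        return b"\x00\x00"
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(creation_time: int, n: int, e: int, version: int = 4) -> bytes:
    """Public-Key packet body (RFC 4880 section 5.5.2): version octet,
    four-octet creation time, algorithm id 1 (RSA), then MPIs n and e.
    For version=5 the real draft body carries an extra key-material
    length field; that is omitted here to keep the example simple."""
    return (bytes([version])
            + struct.pack(">I", creation_time)
            + bytes([1])
            + mpi(n)
            + mpi(e))


def v4_fingerprint(body: bytes) -> bytes:
    """RFC 4880 v4 fingerprint: SHA-1(0x99 || 2-octet length || body)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def v5_fingerprint(body: bytes) -> bytes:
    """Fingerprint in the v5 style later drafted in rfc4880bis:
    SHA-256(0x9A || 4-octet length || body)."""
    return hashlib.sha256(b"\x9a" + struct.pack(">I", len(body)) + body).digest()


def v4_key_id(body: bytes) -> bytes:
    """v4 key ID is the low-order 64 bits (last 8 octets) of the fingerprint."""
    return v4_fingerprint(body)[-8:]


def v5_key_id(body: bytes) -> bytes:
    """The draft v5 key ID is the high-order 64 bits (first 8 octets)."""
    return v5_fingerprint(body)[:8]


def fingerprints_match(a: bytes, b: bytes) -> bool:
    """Constant-time comparison; also rejects mismatched lengths, so a v4
    and a v5 fingerprint of the same key never compare equal by accident."""
    return len(a) == len(b) and hmac.compare_digest(a, b)


# Constructed key material: a 64-bit toy modulus and e = 65537.
# Real RSA keys are 2048 bits or more; this is only for the hashing demo.
TOY_N = 0xC0FFEE1234567891
TOY_E = 0x10001
TOY_CREATED = 1442500000  # constructed Unix timestamp


def same_key_two_identities(n: int = TOY_N, e: int = TOY_E, created: int = TOY_CREATED) -> dict:
    """Return the identifiers the same key material gets under v4 and v5.
    This is the 'mix of different fingerprints for the same key' the
    quoted mail warns about: nothing links the two hex strings."""
    v4_body = rsa_public_key_body(created, n, e, version=4)
    v5_body = rsa_public_key_body(created, n, e, version=5)
    return {
        "v4_fingerprint": v4_fingerprint(v4_body).hex().upper(),
        "v4_key_id": v4_key_id(v4_body).hex().upper(),
        "v5_fingerprint": v5_fingerprint(v5_body).hex().upper(),
        "v5_key_id": v5_key_id(v5_body).hex().upper(),
    }


if __name__ == "__main__":
    for name, value in same_key_two_identities().items():
        print(f"{name:15s} {value}")
```

Running the block prints a 40-hex-digit v4 fingerprint and a 64-hex-digit v5-style one for the same modulus and exponent; a keyserver, trust database or signature that records one of them says nothing about the other, which is the confusion the quoted mail compares to the X.509 and ssh experience. Note that the key ID is taken from opposite ends of the digest in the two formats.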