ietf-openpgp
[Top] [All Lists]

Re: [openpgp] New fingerprint: to v5 or not to v5

2015-09-17 17:05:42


On 9/17/2015 at 2:44 PM, "Werner Koch"  wrote:
Some people claim that a SHA-1 fingerprint might soon be problematic
due
to collision attacks.  If we assume that this is indeed the case, the
question is whether switching to SHA-256 for the very same key does
actually help: The mix of different fingerprints for the same key will
lead to the same confusion we have seen with X.509 and ssh.  Further,
if
there is a need to switch to a stronger fingerprint format for the
same
key, should the user not also assume that the use of the key has
already
been compromised and it is time to create a new key?

=====

If Collision attacks become viable for SHA-1 fingerprints, then they
would probably also become viable for subkeys as well, and it might be
possible for an attacker to generate a subkey with a collision for the
cross-certifying signature, and be able to graft a false subkey onto a
master key with a SHA-1 signature, which would definitely be a key
compromise.

so, yes,  it would be reasonable to have a new V5 format for the new
fingerprint.
vedaal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp