On Tue, Apr 12, 2016 at 4:34 AM, Vincent Breitmoser
<look@my.amazin.horse> wrote:
Quite importantly, this should be "another *independent* key's
fingerprint", i.e. the requirement is preimage resistance, not collision
resistance. Creating two keys with colliding fingerprints is fine, at
least noone could come up with a attack scenario where it mattered.
I don't think I'm understanding this. If you have two keys that map to
the same fingerprint, then an attacker can decide to serve you
whichever is in their best interest. Doesn't that mean that
fingerprint collisions from different keys is specifically something
we want to avoid? Or am I missing the "*independent*" element of your
comment here?
--
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
e: joe(_at_)cdt(_dot_)org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp