ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Fingerprint requirements for OpenPGP

2016-04-12 08:15:54
from [Vincent Breitmoser] [Permanent Link] 
Joseph Lorenzo Hall(joe(_at_)cdt(_dot_)org)@Tue, Apr 12, 2016 at 09:06:11AM 
-0400:

If you have two keys that map to the same fingerprint, then an
attacker can decide to serve you whichever is in their best interest.


The premise of your scenario is that you are already using a key
generated by the attacker. What could an attacker possibly gain by
possessing a second key with the same fingerprint?

 - V

Attachment: signature.asc
Description: Digital signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Fingerprint requirements for OpenPGP, Joseph Lorenzo Hall
Next by Date:  Re: [openpgp] Keyserverless Use of OpenPGP in Email, Paul Wouters
Previous by Thread:  Re: [openpgp] Fingerprint requirements for OpenPGP, Joseph Lorenzo Hall
Next by Thread:  Re: [openpgp] Fingerprint requirements for OpenPGP, Joseph Lorenzo Hall
Indexes:  [Date] [Thread] [Top] [All Lists]