ietf-openpgp

Re: [openpgp] Fingerprint requirements for OpenPGP

2016-04-13 10:24:24
On Tue, Apr 12, 2016 at 9:15 AM, Vincent Breitmoser
<look@my.amazin.horse> wrote:
> Joseph Lorenzo Hall(joe(_at_)cdt(_dot_)org)@Tue, Apr 12, 2016 at 09:06:11AM -0400:
>> If you have two keys that map to the same fingerprint, then an
>> attacker can decide to serve you whichever is in their best interest.
>
> The premise of your scenario is that you are already using a key
> generated by the attacker. What could an attacker possibly gain by
> possessing a second key with the same fingerprint?

Sorry so slow to respond... my premise is that increasingly I query
for full fprs to obtain keys from keyservers and if that maps onto two
different keys with the same UserID that would be bad.

I guess what the rest of the thread here is saying is that it would be
so computationally difficult for a malicious keyserver to find a
collision that this isn't a problem.

(apologies for being somewhat dense)

-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
e: joe(_at_)cdt(_dot_)org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
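
Added example, not part of the original thread: a client-side check that recomputes the V4 fingerprint (RFC 4880, section 12.2) of every key a keyserver returns for a full-fingerprint query and accepts only an exact match. The function names and the toy-sized key material are assumptions constructed for illustration, and the server response is assumed to be already split into public-key packet bodies.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a V4 public-key packet: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """V4 fingerprint: SHA-1 over 0x99, the 2-byte body length, and the packet body."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def select_key(requested: str, returned_bodies: list[bytes]) -> bytes:
    """Return the single key body whose recomputed fingerprint equals the requested one."""
    want = "".join(requested.split()).upper()
    if len(want) != 40 or any(c not in "0123456789ABCDEF" for c in want):
        raise ValueError("need a full 160-bit fingerprint, not a short or long key ID")
    # Never trust the server's index: hash what was actually returned.
    matches = {b for b in returned_bodies if v4_fingerprint(b) == want}
    if not matches:
        raise LookupError("server returned no key with the requested fingerprint")
    if len(matches) > 1:
        # Two different key bodies under one fingerprint would be a SHA-1 collision.
        raise RuntimeError("distinct keys share the requested fingerprint")
    return matches.pop()

# Constructed sample data: toy-sized numbers, not real keys.
WANTED = rsa_key_body(1460000000, 0xC5A1F3B7, 65537)
DECOY = rsa_key_body(1460000000, 0xC5A1F3B9, 65537)

if __name__ == "__main__":
    fpr = v4_fingerprint(WANTED)
    print("requested:", fpr)
    print("accepted :", select_key(fpr, [DECOY, WANTED]) == WANTED)
```
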