On 12/12/2010 11:21 AM, Robert J. Hansen wrote: > On 12/12/2010 10:23 AM, Daniel Kahn Gillmor wrote: >> What part of OpenPGP certificates require SHA-1? > > ... At first blush, V4 certificate checksums,
what do you mean by "V4 certificate checksums"?
> symmetrically encrypted
> integrity protected data packets, the MDC system in general
These are not part of the OpenPGP certificate format.
> certificate fingerprints, etc.
yeah, this is serious, but it's not embedded in the certificate. if we
were to come up with a new fingerprint format, it would not invalidate
any existing certificates -- it would just change how we refer to them.
> Probably the most annoying -- to me, at least -- is the fingerprint
> requirement. If a preimage collision is discovered in SHA-1 then it's
> all over. I can take your signature on my enemy's key, graft it onto my
> own impersonator of my enemy's key, and then get others to believe it.
agreed. but this is not part of the certificate format.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
