On Wed 11.07.2012, 23:13:00 vedaal wrote:

> (A clever, malicious attacker could backdate the clock,
> and have a forgery of something you did in the past,
> when you couldn't claim:
>
> "Hey, that's an obvious forgery!
> I'm on record as saying I would never use SHA1 to sign anything anymore!")
So what? A signature over a broken hash alone is worthless no matter what its timestamp says. If you want to prove anything by a signature at a time when the hash is considered broken, you have to prove that the signature existed before that time. And this proof can obviously not be based on the broken hash. Thus you have to sign all signatures you want to be able to use after the announcement that they are broken (which can, of course, come surprisingly) by another hash, or rather you have to get them signed by a trusted third party if you want to use them against someone.

Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
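The verifier policy Hauke describes, as an added example that is not part of the thread: a signer's own embedded timestamp is ignored, and once a hash is declared broken a signature is only accepted if a trusted third party attested, under a stronger hash, that the signed message and signature existed before the break. Everything here is constructed for illustration: a 16-bit truncation of SHA-256 plays the "broken hash" (second preimages are a brute-force loop), an HMAC under the signer's secret stands in for a public-key signature, and a keyed countersignature stands in for a timestamp authority; the dates and keys are made up.

```python
import hashlib
import hmac
import itertools
from dataclasses import dataclass

# Constructed: the date (YYYYMMDD) on which the toy hash is declared broken.
BROKEN_SINCE = {"toy-broken": 20120711}


def broken_hash(data: bytes) -> bytes:
    """Stand-in for a broken hash: 16 bits of SHA-256, so second preimages are trivial."""
    return hashlib.sha256(data).digest()[:2]


def strong_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


HASHES = {"toy-broken": broken_hash, "sha256": strong_hash}


@dataclass(frozen=True)
class Signature:
    hash_name: str
    claimed_date: int  # written by the signer, so it can be backdated at will
    mac: bytes


def sign(key: bytes, msg: bytes, hash_name: str, claimed_date: int) -> Signature:
    """Keyed MAC over the digest stands in for a public-key signature over the hash."""
    digest = HASHES[hash_name](msg)
    return Signature(hash_name, claimed_date,
                     hmac.new(key, digest + str(claimed_date).encode(), "sha256").digest())


def verify(key: bytes, msg: bytes, sig: Signature) -> bool:
    digest = HASHES[sig.hash_name](msg)
    expected = hmac.new(key, digest + str(sig.claimed_date).encode(), "sha256").digest()
    return hmac.compare_digest(expected, sig.mac)


def encode_sig(sig: Signature) -> bytes:
    return b"|".join([sig.hash_name.encode(), str(sig.claimed_date).encode(), sig.mac])


@dataclass(frozen=True)
class Timestamp:
    date: int  # set from the third party's own clock, not by the signer
    mac: bytes


def tsa_countersign(tsa_key: bytes, msg: bytes, sig: Signature, date: int) -> Timestamp:
    """Third party attests that (msg, sig) existed on `date`, using the strong hash.
    It must cover the message too: the signature binds the message only through the
    broken hash, so attesting the signature bytes alone would also cover later forgeries."""
    token = strong_hash(msg + encode_sig(sig)) + str(date).encode()
    return Timestamp(date, hmac.new(tsa_key, token, "sha256").digest())


def tsa_verify(tsa_key: bytes, msg: bytes, sig: Signature, ts: Timestamp) -> bool:
    token = strong_hash(msg + encode_sig(sig)) + str(ts.date).encode()
    return hmac.compare_digest(hmac.new(tsa_key, token, "sha256").digest(), ts.mac)


def accept(key, tsa_key, msg, sig, ts, today: int) -> bool:
    """Verifier policy: sig.claimed_date is never consulted."""
    if not verify(key, msg, sig):
        return False
    broken_since = BROKEN_SINCE.get(sig.hash_name)
    if broken_since is None or today < broken_since:
        return True  # hash still considered sound
    # Hash is broken: only a trusted attestation that predates the break counts.
    return ts is not None and tsa_verify(tsa_key, msg, sig, ts) and ts.date < broken_since


def second_preimage(target: bytes, prefix: bytes) -> bytes:
    """What 'broken' means for the toy hash: a different message with the same digest."""
    for n in itertools.count():
        cand = prefix + str(n).encode()
        if broken_hash(cand) == target:
            return cand


def run_demo() -> dict:
    key, tsa_key = b"signer-secret (constructed)", b"tsa-secret (constructed)"
    msg = b"I owe Bob 10 EUR"
    sig = sign(key, msg, "toy-broken", 20120101)       # signed before the break
    ts = tsa_countersign(tsa_key, msg, sig, 20120102)   # attested the next day
    forged = second_preimage(broken_hash(msg), b"I owe Bob 10000 EUR #")
    today = 20130101                                    # verification happens after the break
    return {
        "forgery_verifies": verify(key, forged, sig),   # raw signature check is satisfied
        "no_attestation": accept(key, tsa_key, msg, sig, None, today),
        "attested_original": accept(key, tsa_key, msg, sig, ts, today),
        "attested_forgery": accept(key, tsa_key, forged, sig, ts, today),
        "before_break": accept(key, tsa_key, msg, sig, None, 20120601),
    }


if __name__ == "__main__":
    print(run_demo())
```

The raw signature verifies over the forgery just as well as over the original, and its embedded date says nothing either way; what separates the two after the break is the third party's attestation, which the forgery cannot obtain with a date before the break because the attestation was computed over the original message under the strong hash.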
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users