On Wed 11.07.2012, 23:13:00, vedaal wrote:
> (A clever, malicious attacker could backdate the clock,
> and have a forgery of something you did in the past,
> when you couldn't claim:
> 
> "Hey, that's an obvious forgery!
> I'm on record as saying I would never use SHA1 to sign anything anymore!")

So what?

A signature over a broken hash alone is worthless no matter what its timestamp 
says. If you want to prove anything by a signature at a time when the hash is 
considered broken you have to prove that the signature existed before that 
time. And this proof can obviously not be based on the broken hash.

Thus you have to sign all signatures you want to be able to use after the 
announcement that they are broken (which can, of course, come surprisingly) by 
another hash or rather you have to get them signed by a trusted third party if 
you want to use them against someone.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
