Hi MFPA,

> Would the attack work by just concatenating lots of identical
> signature packets onto a copy of the target key and sending the result
> to the keyserver?

I have no knowledge of the workings of the keyservers. But my guess is that they would all be coalesced into the single signature that they are (similarly to when a single new signature was uploaded to two different SKS keyservers and these are coalesced on reconciliation). It might be possible if you just change some bytes. I dunno.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users