[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problems with v4 key packet format
On Wed, Sep 21, 2005 at 01:28:27PM +0100, Ben Laurie wrote:
> I don't understand this attack.
It's the well-known Klima-Rosa attack. It has been discussed earlier on
> >2. No explicit count of MPIs constituting the key material (both public and
> >This information can only be inferred from the algorithm specifier, meaning
> >that any implementation that wants to perform key management must have some
> >rudimentary knowledge about all public key algorithms. This, in turn,
> >hampers forward-compatibility.
> This appears to me to be incorrect - an implementation that didn't know
> the algorithm could still deduce the number of MPIs by parsing the
> packet until it is exhausted.
Except for private key packets.
> This would mean introducing a requirement
> that all public key parameters were MPIs, of course.
> >3. Key fingerprint depends on data unrelated to the actual key (namely:
> >creation date).
> >This prevents solutions when signature keys are generated on the fly (e.g.
> >directly from a passphrase), as the key creation (or, in this case, key
> >registration) date is not available at the time of signing, thus making it
> >impossible to put am unambiguous reference to the public key into the
> Not impossible, but I'll agree, crufty. One could use a fixed creation date.
That's a horrible cruft breaking all sorts of things (validity period, etc.).
I like Dave's suggestion about adding optional subpackets, similar to those