On Wed, Sep 28, 2016 at 06:40:57AM -0400, Alfonso De Gregorio wrote:
> If you are able to generate colliding signatures for a target (chosen) key,
> this may amount to an impersonation attack, depending on the exact
> origin authentication checks -- which may be considered even worse
> than a repudiation issue.
>
No, I didn't claim this.

> If what you can do is to generate two new key pairs, where the
> signatures made by the first can be verified as signed by the second (or
> vice versa), then this provides plausible deniability, and the
> possibility to repudiate any valid signature made by any of the
> affected signing keys.
>

Yes, exactly what I claimed. Posted the keys and x509 certificates, which can be verified with openssl. The keys (possibly except g=1) are not valid, but appear to be accepted by openssl without error. The certificates appear to be valid (not counting the key issues).