On May 5, 2009, at 5:21 PM, Christoph Anton Mitterer wrote:

On Mon, 2009-05-04 at 23:46 -0400, David Shaw wrote:


Re-issuing your self-sigs is more or less harmless.  The keyservers
never delete anything, so they'll end up with both the old and new.
I'm not sure if this leads to the same discussion that we had some time
ago on the WG-list (about explicitly revoking previous self-sigs),...
but if a key has self-sigs with different hash-algos,... does this
"allow" downgrade attacks or the like?

It depends on the attack.  What is the attack you are concerned about?

Assuming all works properly, the newer clients should end up using the newer selfsig, and the older clients should keep using the old one (as
they won't be able to verify the new one).
Even when they see that the self-sig with the "better" algo has a
newer creation date?
Would consider this critical :/

They mustn't do this. They can't, really. It would enable a pretty trivial DoS if I could make up a bogus self-sig with some hash number that isn't even allocated yet, but a later date, and send it to a keyserver to be attached to my victim key. GPG must treat any signature that does not verify as irrelevant.

David
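As an added illustration of the selection rule David describes (this is constructed example code, not code from the thread or from GnuPG), a toy model in which a self-sig "verifies" only if a client that implements the named hash algorithm can recompute the digest over the key material; real OpenPGP self-signatures are asymmetric, so the digest is a stand-in for the verify step, and the algorithm IDs, timestamps and key material are assumed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional

# Subset of OpenPGP hash algorithm IDs (RFC 4880 section 9.4); 200 is unallocated.
HASH_ALGOS = {1: "md5", 2: "sha1", 8: "sha256", 10: "sha512"}


@dataclass(frozen=True)
class SelfSig:
    hash_algo: int   # OpenPGP hash algorithm ID
    created: int     # signature creation time (Unix timestamp)
    digest: bytes    # stand-in for the signature value


def make_selfsig(key_material: bytes, hash_algo: int, created: int) -> SelfSig:
    """Issue a self-sig over the key material with the given hash algorithm."""
    return SelfSig(hash_algo, created,
                   hashlib.new(HASH_ALGOS[hash_algo], key_material).digest())


def verifies(sig: SelfSig, key_material: bytes, supported: set) -> bool:
    """A client can only verify a sig whose hash algorithm it implements."""
    if sig.hash_algo not in supported or sig.hash_algo not in HASH_ALGOS:
        return False
    expected = hashlib.new(HASH_ALGOS[sig.hash_algo], key_material).digest()
    return hmac.compare_digest(expected, sig.digest)


def pick_selfsig(sigs: Iterable[SelfSig], key_material: bytes,
                 supported: set) -> Optional[SelfSig]:
    """Newest self-sig among those that verify; anything that does not
    verify is irrelevant, no matter how recent its creation date."""
    valid = [s for s in sigs if verifies(s, key_material, supported)]
    return max(valid, key=lambda s: s.created, default=None)


# Constructed key with an old SHA-1 self-sig, a re-issued SHA-256 self-sig,
# and a bogus "self-sig" using an unallocated algorithm with a later date.
KEY = b"constructed public key material"
SIGS = [
    make_selfsig(KEY, 2, 1_200_000_000),
    make_selfsig(KEY, 8, 1_240_000_000),
    SelfSig(200, 1_300_000_000, b"\x00" * 32),
]


def chosen_algo(supported: set) -> Optional[int]:
    """Hash algorithm of the self-sig a client with these algorithms would use."""
    sig = pick_selfsig(SIGS, KEY, supported)
    return None if sig is None else sig.hash_algo
```

An old client that only knows MD5 and SHA-1 keeps using the SHA-1 self-sig, a newer client moves to the SHA-256 one, and neither is moved to the bogus later-dated sig.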


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users