On 2010-12-21 13:56, Greg Troxel wrote:
>
> My real point was not that openpgp should be mandatory, but that
> whatever tahoe does should be compatible, and avoid reinventing the
> trust management wheel
>
> Your comment made me realize more crisply that the real property I want
> from pgp is to be able to manage keys via pgp and then easily insert
> them into tahoe. I really do mean "manage via and insert", not "send
> email with keys as content that people will cut/paste". I remembered
> that I had heard about transforming openpgp keys to ssh keys (and
> perhaps the other way). I found
>
> http://web.monkeysphere.info/
> http://manpages.ubuntu.com/manpages/lucid/man7/monkeysphere.7.html
> http://manpages.ubuntu.com/manpages/lucid/man1/openpgp2ssh.1.html
>
> which can convert an openpgp key into ssh key format.

I don't approve of converting key material between protocols, due to the
risk of multi-protocol attacks:

<http://alexandria.tue.nl/extra1/wskrap/publichtml/200510.pdf>
<http://www.win.tue.nl/ipa/archive/falldays2005/Presentatie_Cremers.pdf>

In the public key case, if all the protocols using a given private key do not
use the same padding scheme, none of the previous analysis of those padding
schemes will apply. If they do use the same scheme, there is the risk of a
signature made for one protocol being misinterpreted as a signature made for
another, for example.

-- 
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
_______________________________________________
tahoe-dev mailing list
tahoe-dev@tahoe-lafs.org
http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
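
An added illustration of the signature-misinterpretation risk raised in the reply above; it is not code from the thread or from Tahoe-LAFS. The two protocols, their context labels and the sample statement are hypothetical, and HMAC-SHA256 stands in for a public-key signature so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

# Assumption: HMAC-SHA256 stands in for a public-key signature so this runs on
# the standard library. The confusion is in which bytes get signed, not in the
# primitive, so "verify" here simply recomputes the tag with the same key.
def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def verify(key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), sig)

def framed(protocol: bytes, payload: bytes) -> bytes:
    """Bind a payload to one protocol with a length-prefixed context label."""
    return len(protocol).to_bytes(2, "big") + protocol + payload

def auth_respond(key: bytes, challenge: bytes, separated: bool) -> bytes:
    """Hypothetical protocol A: sign the bytes a peer sends as a challenge."""
    data = framed(b"auth-v1", challenge) if separated else challenge
    return sign(key, data)

def grant_accept(key: bytes, statement: bytes, sig: bytes, separated: bool) -> bool:
    """Hypothetical protocol B: accept a statement if its signature verifies."""
    data = framed(b"grant-v1", statement) if separated else statement
    return verify(key, data, sig)

def cross_protocol_accepts(auth_key: bytes, grant_key: bytes, separated: bool) -> bool:
    """Does a protocol-A response verify as a protocol-B statement?"""
    statement = b"grant write access to peer"  # constructed sample value
    sig = auth_respond(auth_key, statement, separated)
    return grant_accept(grant_key, statement, sig, separated)

def demo() -> dict:
    shared = os.urandom(32)
    return {
        # One key in both protocols, raw bytes signed: misinterpreted.
        "shared key, no context": cross_protocol_accepts(shared, shared, False),
        # One key, but each protocol signs under its own label: rejected.
        "shared key, per-protocol context": cross_protocol_accepts(shared, shared, True),
        # No key material shared between the protocols: rejected.
        "separate keys": cross_protocol_accepts(shared, os.urandom(32), False),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: accepted={accepted}")
```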