Re: Suggestion for the signing subkey problem



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Jun 26, 2003 at 08:18:30AM +0200, Werner Koch wrote:
> 
> On Wed, 25 Jun 2003 12:26:37 -0700, Hal Finney said:
> 
> > can issue signatures just fine, even if they don't usually do so; and the
> > same with ElGamal encryption subkeys.  We have loaded up the spec with
> > warnings about ElGamal signatures, but in fact those warnings mostly
> > relate to chosen plaintext attacks.  In this case it is the key owner
> 
> A practical problem with ElGamal signatures is that verification is
> really slow.

True.  I rather like Hal's suggestion to do back-signatures for all
keys, but I wouldn't make it a requirement.  We MUST do it for signing
subkeys to avoid the security problem, but why not make it a MAY for
any other key that someone cares to use it on.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE++1va4mZch0nhy8kRAn9jAKCtNSxqdxZ61ggMBjQ69F+oDZSR2wCg0okU
RMRmR5m8aqMUsrAZpz9YyfU=
=JCN2
-----END PGP SIGNATURE-----