[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: how close is OpenPGP tied to SHA1

To: Peter Thomas <p4.thomas@xxxxxxxxxxxxxx>
Subject: Re: how close is OpenPGP tied to SHA1
From: Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx>
Date: Sun, 01 Feb 2009 20:59:56 -0500
Cc: ietf-openpgp@xxxxxxx
In-reply-to: <9ef756150902011724h45de04ecq61a76ceaf8d6c138@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Openpgp: id=D21739E9
References: <9ef756150902011724h45de04ecq61a76ceaf8d6c138@xxxxxxxxxxxxxx>
Reply-to: IETF OpenPGP Working Group <ietf-openpgp@xxxxxxx>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)

On 02/01/2009 08:24 PM, Peter Thomas wrote:
> After reading the whole RFC I've found several places where SHA1 is
> given as the only possible algorithm,

This was just discussed on the list last month in a thread titled "A
review of hash function brittleness in OpenPGP":

  http://www.imc.org/ietf-openpgp/mail-archive/msg30323.html

It would be worth reviewing that thread because it contains relevant
discussion.  In short: the fingerprints seem to be the most worrisome
part, and we probably need to think about how to move forward.

Proposals?

	--dkg

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: how close is OpenPGP tied to SHA1
  - From: Peter Thomas
- Re: how close is OpenPGP tied to SHA1
  - From: John Clizbe

References:
- how close is OpenPGP tied to SHA1
  - From: Peter Thomas

Prev by Date: Re: Do we need to secure our keyservers against kind of DoS Attacks
Next by Date: Re: how close is OpenPGP tied to SHA1
Previous by thread: how close is OpenPGP tied to SHA1
Next by thread: Re: how close is OpenPGP tied to SHA1
Index(es):
- Date
- Thread