Standards and PGP wraper
Werner Koch
wk at isil.d.shuttle.de
Tue Nov 10 09:22:25 CET 1998
Niklas Hernaeus <nh at sleipner.df.lth.se> writes:
> The reason to split the key to one encryption key and one signing key is
> not that technical. One reason that this was done to PGP was the side
Some cryptographers believe that different keys for signing and
encryption are more secure.
> effect to make key escrow possible, and that is a purely political issue.
* and because it is not possible to use DSA for encryption (yes I know
there is a workaround).
* ElGamal signatures are much slower and the sigantures are larger
* PGP Inc. didn't figure out how to avoid the Bleichenbacher attack on
ElGamal signatures (The code for Elgamal signatures is in pgp 5.0
but it commented out
> I find key escrow to be a very bad solution to a problem, both technically
> and politically, for several reasons, and I therefore see no reason at all
> to use a split key solution.
I can't see how you can use split key (we should better call it
secondary keys - because "split key" is normally used for a different
task) for key escrow. Okay, it makes it easy to change the encryption
key - whether this helps key escrow is not clear.
Werner
More information about the Gnupg-devel
mailing list