Key version games (was Re: problem with exporting subkeys)

David Shaw dshaw at jabberwocky.com
Sat Mar 2 15:20:02 CET 2002


On Sat, Mar 02, 2002 at 11:45:52AM +0200, disastry at saiknes.lv.NO.SPaM.NET wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
> 
> David Shaw dshaw at jabberwocky.com wrote:
> > > Florian, this can give you the unchangeable expiration date that you
> > > wanted, if you're willing to accept the restrictions (RSA only, etc.)
> > > on v3 keys :)
> > 
> > as well as easy to fake keyIDs.
> 
> Yeah, and the MD5-only restriction if you use it for signing. :/
> David
> 
> not true. there is no such restriction. you can use any hash and cipher.

Oops, you're right.  I was thinking in terms of backwards
compatibility to PGP2 (yes I know there are a whole handful of
modified versions that allow other hashes, but vanilla MIT PGP 2 does
not), but used as a subkey on a OpenPGP key any OpenPGP hash is fine.

David

-- 
   David Shaw  |  dshaw at jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson




More information about the Gnupg-devel mailing list