...1.0.7 gonna publish my key / RSA ?

Werner Koch wk@gnupg.org
Fri Sep 27 16:17:02 2002


On Fri, 27 Sep 2002 08:10:00 -0400, R Bradley Tilley said:

> Does it have anything to do with weak encryption?
> http://www.rsasecurity.com/news/releases/pr.asp?doc_id=1400

No.  The main problems are that you can easily fake a key ID and that
it is possible to change the encrypted text to produce garbage; along
with some social engineering the latter can be used to get knowledge
of the encrypted text.  They are all not really serious but we want
to be on the safe side.  There are a couple of other improvements in
OpenPGP which make cryptographers feeling better.


Salam-Shalom,

   Werner