[Announce] GnuPG's ElGamal signing keys compromised

[Len Sassaman]

On Fri, 28 Nov 2003, Werner Koch wrote:

> The real problem is not the bug but the use of Elgamal signatures at
> all.  They have too many problems and many people got trapped by some
> of them (e.g. the Bleichenbacher attack).  Probably I was somewhat
> arrogant to assume that my implementation got it right.

And that's the problem -- everyone's arrogant from time to time. I'll go
on record, again, as saying I would really like to see ElGamal signature
support removed from OpenPGP. I believe the existence of support for such
keys, even if no major implementations now allow their use, weakens the
protocol.