kernel.org status: establishing a PGP web of trust
Robert J. Hansen
rjh at sixdemonbag.org
Sat Oct 1 22:46:55 CEST 2011

On 10/1/2011 9:01 AM, Aaron Toponce wrote:
> https://secure.wikimedia.org/wikipedia/en/wiki/Digital_Signature_Algorithm#Sensitivity

This is an argument against having a *bad* DSA implementation, in the
exact same way you shouldn't use a bad RSA implementation, either. RSA
has just as many warnings -- take a look at how many times PKCS has been
updated to reflect new understandings of RSA's risks.

> Having a sufficient amount of paranoia would keep you from using DSA, I
> would think.

That's the same level of paranoia that led to Kurt Goedel starving to
death because he was afraid of how everyone around him was trying to
poison him. I don't think we should recommend that level of paranoia.

More information about the Gnupg-users mailing list