[cryptography] Duplicate primes in lots of RSA moduli
wk at gnupg.org
Thu Feb 16 08:36:44 EST 2012
On Thu, 16 Feb 2012 13:03, bmoeller at acm.org said:
> Oh, in this case it's a self-signature. Werner, the problem (aka feature)
> is that expiry according to self-signatures isn't carried forward into
> third-party certification signatures -- so if an attacker gets hold of the
That depends on how the third party does the key-signing. OpenPGP
allows to provide an expiration date for the third party certification
(aka key signing). This solves the problem of OpenPGP "CAs" - it does
not solve the general problem of CAs at all.
The commonly used WoT semantics don't require you to check the
expiration date of a passport or driver license either. The signature
expiration dates, as used by some folks, try to add some extra value
into their key signatures for no good reason: Either the identity has
been verified or not - the identity will not change after the expiration
date. Even if you change your name later, back at the key signing time
you were known under the certified name.
> necessarily cover the expiry date, and unlike X.509 where certifications
> always come with *some* notAfter date.)
A better name for notAfter would be payableBefore.
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the cryptography