[cryptography] Duplicate primes in lots of RSA moduli

Werner Koch wk at gnupg.org
Thu Feb 16 08:36:44 EST 2012

On Thu, 16 Feb 2012 13:03, bmoeller at acm.org said:

> Oh, in this case it's a self-signature. Werner, the problem (aka feature)
> is that expiry according to self-signatures isn't carried forward into
> third-party certification signatures -- so if an attacker gets hold of the

That depends on how the third party does the key-signing.  OpenPGP
allows to provide an expiration date for the third party certification
(aka key signing).  This solves the problem of OpenPGP "CAs" - it does
not solve the general problem of CAs at all.

The commonly used WoT semantics don't require you to check the
expiration date of a passport or driver license either.  The signature
expiration dates, as used by some folks, try to add some extra value
into their key signatures for no good reason: Either the identity has
been verified or not - the identity will not change after the expiration
date.  Even if you change your name later, back at the key signing time
you were known under the certified name.

> necessarily cover the expiry date, and unlike X.509 where certifications
> always come with *some* notAfter date.)

A better name for notAfter would be payableBefore.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the cryptography mailing list