[cryptography] Duplicate primes in lots of RSA moduli

Jon Callas jon at callas.org
Thu Feb 16 12:42:33 EST 2012


On 16 Feb, 2012, at 3:30 AM, Bodo Moeller wrote:

> On Thu, Feb 16, 2012 at 12:05 PM, Werner Koch <wk at gnupg.org> wrote:
>  
> You are right that RFC4880 does not demand that the key expiration date
> is put into a hashed subpacket.  But not doing so would be stupid.
> 
> I call it a "protocol failure", you call it "stupid", but Jon calls it a "feature" (http://article.gmane.org/gmane.ietf.openpgp/4557/).

That's not what I said. Or perhaps not what I meant.

I think it is indeed a feature that the expiry is a part of the certification, not part an intrinsic property of the key material. That permits you to do very cool things like rolling certification lifetimes.

Putting that into an unhashed packet is stupid, as Werner said.

	Jon

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120216/9bc117ca/attachment.html>


More information about the cryptography mailing list