Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: PGP Signatures security BUG!
From: wk () GNUPG ORG (Werner Koch)
Date: Wed, 8 Mar 2000 11:32:41 +0100


On Tue, 7 Mar 2000, Povl H. Pedersen wrote:

The problem is, that the PGP servers expects all key IDs to be unique
numbers, and does not expect 2 users to have the same keyID. And with
the current amount of users, we are starting to get multiple users
with the same keyID.

RFC2440 clearly states that a conforming implementation MUST not assume
that key IDs are unique.  However, NAI does not claim that their PGP
is OpenPGP compatible.

There will be a keyserver admin meeting in May where we are going to
discuss all these topics.

BTW, faking the short key ID (the one that is normally displayed -
internally 64 bits are used) is possible on a standard box within some
hours.

  Werner


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]