[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: angelos@dsl.cis.upenn.edu (Angelos D. Keromytis)*Subject*: Re: public key algorithm naming*From*: fredette@theory.lcs.mit.edu (Matt Fredette)*Date*: Thu, 12 Mar 1998 16:41:42 -0500 (EST)*Cc*: spki@c2.net*In-Reply-To*: <199803122105.QAA18850@adk.gr> from "Angelos D. Keromytis" at Mar 12, 98 04:00:36 pm*Sender*: owner-spki@c2.net

> In message <199803121849.KAA08196@s20.term1.sb.rain.org>, Hal Finney writes: > >If you don't put the hash algorithm in the key, then if there were a > >weak hash algorithm, people could forge signatures using that hash. > >They could take an existing signature and create a structure which hashes > >to the same value using the weak hash. > > And how is that different from putting the hash algorithm name in the > signature ? Which is where it belongs anyway, since that's where the > algorithm is used ? > - -Angelos IMO, the hash algorithm you use to sign is as important a part of "you" as your key parameters are. It serves to define you as much as anything, in the digital world, where everything comes from signatures. Listing your hash algorithm beside your key parameters gives it this important meaning - since keys get signed as parts of certificates and are also listed in ACLs. The way I see it, a signature from someone with your same key parameters but using a different hash function is not you. Matt -- Matt Fredette fredette@bbnplanet.com, fredette@mit.edu, fredette@theory.lcs.mit.edu http://mit.edu/fredette/www "The first time the Rolling Stones played, three people came."

**Re: public key algorithm naming***From*: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

- Prev by Date:
**Re: public key algorithm naming** - Next by Date:
**Re: The role of trust in certification** - Prev by thread:
**Re: public key algorithm naming** - Next by thread:
**Re: public key algorithm naming** - Index(es):