|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Hugh Pierce (hpierce
stutzmanpierce.com)Date: Thu Mar 28 2002 - 13:47:06 CST
Eroding the web of trust is indeed unfortunate, but these developments may
be too unnerving for some sections of crypto users to sit idle with the
possibility hanging over their heads of the NSA being able to break <1024
keys.
The article below covers both arguments well:
http://www.eweek.com/article/0,3658,s=712&a=24663,00.asp
Hugh
Hugh Pierce, Founder and CTO
STUTZMANPIERCE, INC.
Intelligence Based Information Security
www.stutzmanpierce.com
> "Lucky Green" <shamrockcypherpunks.to> writes:
>
> > In light of the above, I reluctantly revoked all my personal 1024-bit
> > PGP keys and the large web-of-trust that these keys have acquired over
> > time.
>
From: "Florian Weimer" <WeimerCERT.Uni-Stuttgart.DE>
> And this is certainly the wrong thing to do. Key revocations are not
> the proper way to deal with algorithmic weaknesses. Many people will
> follow your advice and destroy large parts of the web of trust, and we
> don't even know yet if there's a real threat (Bernstein himself said
> so a few weeks ago, for example).
>
> You don't revoke your keys just because someone can impersonate you,
> using bugs in a widespread OpenPGP implementation, do you?
>
> --
> Florian Weimer WeimerCERT.Uni-Stuttgart.DE
> University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
> RUS-CERT +49-711-685-5973/fax +49-711-685-5898
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]