Re: 1024-bit RSA keys in danger of compromise

From: Florian Weimer (Weimer@CERT.Uni-Stuttgart.DE)
Date: Thu Mar 28 2002 - 10:18:50 CET

Previous message: http-equiv@excite.com: "HELP.dropper: IE6, OE6, Outlook...lookOut"
In reply to: Lucky Green: "1024-bit RSA keys in danger of compromise"
Next in thread: Hugh Pierce: "Re: 1024-bit RSA keys in danger of compromise"
Reply: Hugh Pierce: "Re: 1024-bit RSA keys in danger of compromise"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

"Lucky Green" <shamrock@cypherpunks.to> writes:

> In light of the above, I reluctantly revoked all my personal 1024-bit
> PGP keys and the large web-of-trust that these keys have acquired over
> time.

And this is certainly the wrong thing to do. Key revocations are not
the proper way to deal with algorithmic weaknesses. Many people will
follow your advice and destroy large parts of the web of trust, and we
don't even know yet if there's a real threat (Bernstein himself said
so a few weeks ago, for example).

You don't revoke your keys just because someone can impersonate you,
using bugs in a widespread OpenPGP implementation, do you?

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

Previous message: http-equiv@excite.com: "HELP.dropper: IE6, OE6, Outlook...lookOut"
In reply to: Lucky Green: "1024-bit RSA keys in danger of compromise"
Next in thread: Hugh Pierce: "Re: 1024-bit RSA keys in danger of compromise"
Reply: Hugh Pierce: "Re: 1024-bit RSA keys in danger of compromise"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Thu Mar 28 2002 - 17:43:03 CET