[tahoe-dev] Accounting, 2010 edition
David-Sarah Hopwood
david-sarah at jacaranda.org
Tue Dec 21 18:36:31 UTC 2010
On 2010-12-21 13:56, Greg Troxel wrote:
>
> My real point was not that openpgp should be mandatory, but that
> whatever tahoe does should be compatible, and avoid reinventing the
> trust management wheel.
>
> Your comment made me realize more crisply that the real property I want
> from pgp is to be able to manage keys via pgp and then easily insert
> them into tahoe. I really do mean "manage via and insert", not "send
> email with keys as content that people will cut/paste". I remembered
> that I had heard about transforming openpgp keys to ssh keys (and
> perhaps the other way). I found
>
> http://web.monkeysphere.info/
> http://manpages.ubuntu.com/manpages/lucid/man7/monkeysphere.7.html
> http://manpages.ubuntu.com/manpages/lucid/man1/openpgp2ssh.1.html
>
> which can convert an openpgp key into ssh key format.

I don't approve of converting key material between protocols, due to the
risk of multi-protocol attacks:
<http://alexandria.tue.nl/extra1/wskrap/publichtml/200510.pdf>
<http://www.win.tue.nl/ipa/archive/falldays2005/Presentatie_Cremers.pdf>
In the public key case, if all the protocols using a given private key
do not use the same padding scheme, none of the previous analysis of those
padding schemes will apply. If they do use the same scheme, there is the
risk of a signature made for one protocol being misinterpreted as a
signature made for another, for example.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
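
Added example, not part of the original message or of Tahoe-LAFS code: a toy illustration of the second risk described above, where one key serves two protocols that share an encoding, next to the case where each protocol has its own key. The two protocols, the SHA-256 encoding, the sample command and the keys built from Mersenne primes are all constructed assumptions.

```python
import hashlib

E = 65537  # public exponent used by both toy keys

def make_key(p, q):
    """Toy RSA key from two primes; returns (n, d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def encode(message, n):
    # Shared encoding (assumption): bare SHA-256 of the message as an integer.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(key, message):
    n, d = key
    return pow(encode(message, n), d, n)

def verify(n, message, signature):
    return pow(signature, E, n) == encode(message, n)

# Constructed keys from Mersenne primes: illustration only, never for real use.
SHARED_KEY = make_key(2**521 - 1, 2**607 - 1)
STORAGE_KEY = make_key(2**1279 - 1, 2**2203 - 1)

def login_respond(key, challenge):
    """Hypothetical protocol A: prove key possession by signing a challenge."""
    return sign(key, challenge)

def storage_accepts(n, command, signature):
    """Hypothetical protocol B: a signed byte string is an authorised command."""
    return verify(n, command, signature)

def crossover(login_key, storage_n):
    """Does a signature made for protocol A pass protocol B's check?"""
    data = b"grant-quota account=42 bytes=1000000"  # constructed sample
    sig = login_respond(login_key, data)            # made for protocol A
    return storage_accepts(storage_n, data, sig)    # interpreted by protocol B

if __name__ == "__main__":
    # One key converted for use in both protocols: the signature crosses over.
    print("shared key:  ", crossover(SHARED_KEY, SHARED_KEY[0]))
    # A separate key per protocol: protocol B rejects protocol A's signature.
    print("separate key:", crossover(SHARED_KEY, STORAGE_KEY[0]))
```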