On Fri, Jun 18, 1999 at 02:57:19PM +0000, [EMAIL PROTECTED] wrote:
> Of course we can dream of having it use X.509 certs and PGP keys and
> every other PKI that comes along, but that is clearly a long way down
> the road. Some simple way to verify keys out of band and mark them
> that way would be a good starting point. Can you do signatures with
> ElGamal keys? Weren't there some problems with ElGamal sigs found
> last year?
There is a paper in EUROCRYPT '96 about forging ElGamal signatures (see
http://www.bell-labs.com/user/bleichen/bib.html). And in general it's a bad
idea to use the same key pair for encryption and for signatures even if the
signature scheme has no problems.
For this problem of marking personally trusted keys, it's not necessary to
use a signature scheme. A message authentication code (MAC) would be
sufficient.
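The point made above, that a locally kept MAC is enough to mark keys the user has verified out of band, because the party writing the mark and the party checking it are the same, as an added example that is not part of the thread. It uses HMAC-SHA256 with a hypothetical per-user secret, and all key material is constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed: a secret held only by the local user; anyone who can read it
# can forge marks, so it lives with the same protection as the key ring itself.
MARK_SECRET = secrets.token_bytes(32)


def fingerprint(public_key: bytes) -> bytes:
    """Digest of the raw public key; this is what the user compared out of band."""
    return hashlib.sha256(public_key).digest()


def mark_trusted(public_key: bytes, owner: str, secret: bytes = MARK_SECRET) -> bytes:
    """MAC over (owner, fingerprint). Only the holder of `secret` can produce it,
    and only that same holder ever needs to verify it, so no signature is required."""
    name = owner.encode("utf-8")
    # Length-prefix the owner so "ab"+"c" and "a"+"bc" cannot collide.
    msg = len(name).to_bytes(2, "big") + name + fingerprint(public_key)
    return hmac.new(secret, msg, hashlib.sha256).digest()


def is_trusted(public_key: bytes, owner: str, tag: bytes, secret: bytes = MARK_SECRET) -> bool:
    """Recompute the mark and compare in constant time; any change to the key,
    the owner name or the secret makes the stored tag fail."""
    return hmac.compare_digest(mark_trusted(public_key, owner, secret), tag)


def add_mark(keyring: dict, owner: str, public_key: bytes, secret: bytes = MARK_SECRET) -> None:
    """Store the key together with its mark, as a trust database on disk would."""
    keyring[owner] = (public_key, mark_trusted(public_key, owner, secret))


def lookup(keyring: dict, owner: str, presented_key: bytes, secret: bytes = MARK_SECRET) -> bool:
    """Accept a presented key only if it matches a stored entry whose mark still verifies."""
    entry = keyring.get(owner)
    if entry is None:
        return False
    stored_key, tag = entry
    return stored_key == presented_key and is_trusted(stored_key, owner, tag, secret)


if __name__ == "__main__":
    ring = {}
    alice_key = b"constructed-elgamal-public-key-for-alice"
    add_mark(ring, "alice", alice_key)
    print("alice ok:", lookup(ring, "alice", alice_key))          # True
    print("swapped key:", lookup(ring, "alice", b"someone-else"))  # False
```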