On Tue, Sep 9, 2014 at 2:52 PM, Max Krohn <[email protected]> wrote:

> A Keybase “proofs” is a signatures of JSON object that includes: [...] (3)
> the user’s PGP fingerprint

Sorry, I must've glossed over this. It would seem to provide an immediate defense to forging a keypair under which the signature would validate; however, it seems that in conjunction with a SHA1 collision that allows the replacement of the fingerprint in the original message, this could be potentially problematic.

--
Tony Arcieri

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
