[Curdle] Server Fingerprints using UDF
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 24 August 2016 18:07 UTC
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 24 Aug 2016 14:07:05 -0400
Message-ID: <CAMm+Lwgomf0jBeUUD0_9hnvm9w26mFx6E-DqOpc=85JQweiQUw@mail.gmail.com>
To: Curdle <curdle@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/8XnFm1s816WQYiA1VViS3lRKhkw>
One of the things I am trying to persuade groups writing crypto applications is that we should adopt a common format for fingerprints. Why?

1) Because having a standard approach is the right thing to do.

2) Because a direct trust mechanism (i.e. a fingerprint) is useful in every crypto application:
   * OpenPGP key fingerprints
   * SSH server keys, AND it would be nice to do public keys one day
   * Roots of trust for PKIX and S/MIME

3) Because simply taking SHA-2 of 'stuff' opens possibilities for semantic substitution attacks.

4) Adopting a common format encourages innovation that can benefit all applications that share that format.

5) Adopting a single fingerprint format encourages the development of applications to manage them across applications - like the Mathematical Mesh which I am working on.

We are not going to get to one true representation of keys. But I think we could get to a fingerprint format that every application can use without the risk of semantic substitution attacks.

I am not too bothered about the possibility that someone generates an OpenPGP key and somehow persuades S/MIME to send a message using the same key. If I am being really strict, I can see it is not ideal. What does worry me, however, is that if Mallet gives Alice his key fingerprint for OpenPGP, she puts it in her 'trusted key ring' and it turns out that when the SSH app interprets the sequence of bits that were fingerprinted they have some different semantics.

My current proposal is in: https://tools.ietf.org/html/draft-hallambaker-udf-03

This allows use of SHA-2-512 and SHA-3-512 as the hash algorithms. The default presentation is as a text string encoded in BASE32 encoding with spacing every 5 characters to promote readability. So an SSH server fingerprint might look like:

MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ

One of the things I find rather difficult with SSH is that the key files for the applications I have seen in the wild do not comply with the spec; lines don't wrap at 72 characters. Rather worse, the files have the full public key in them, which makes them a real pain to use when configuring files. I would really like to be able to configure my GitHub accounts without having to cut and paste lines with a thousand characters of text. It would be nice if the SSH config files could use fingerprints rather than the actual keys.
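An added example (not code from the mail or from the UDF draft) showing how a fingerprint in the presentation described above is produced and why binding a content type into the hash input defeats the semantic-substitution concern: the same key bytes tagged with two different types give two different fingerprints. The construction Version-ID || H(content-type ':' H(data)), the Version-ID values 96 (SHA-2-512) and 144 (SHA-3-512), the truncation to 25 Base32 characters and the sample key bytes are assumptions of this example, not facts stated in the mail.

```python
import base64
import hashlib

# Version-ID byte prefixed to the digest. 96 (SHA-2-512) and 144 (SHA-3-512)
# are assumed here from draft-hallambaker-udf-03; the mail itself does not
# state them. 96 = 0x60 encodes as the leading "M" of the mail's example.
VERSION_IDS = {"sha512": 96, "sha3_512": 144}

# Constructed sample key material (not a real key) for the demonstration.
SAMPLE_KEY = b"-----CONSTRUCTED SAMPLE KEY MATERIAL-----"


def udf_fingerprint(content_type: str, data: bytes,
                    alg: str = "sha512", chars: int = 25) -> str:
    """Fingerprint `data` tagged with `content_type` in UDF-style presentation.

    The content type is part of the hashed input, so the same bytes
    interpreted under another type (say, by an SSH app instead of OpenPGP)
    produce a different fingerprint. Assumed construction:
    Version-ID || H(content_type ':' H(data)), Base32, 5-character groups.
    """
    if alg not in VERSION_IDS:
        raise ValueError(f"unsupported algorithm {alg!r}")

    def h(b: bytes) -> bytes:
        return hashlib.new(alg, b).digest()

    digest = bytes([VERSION_IDS[alg]]) + h(content_type.encode("ascii") + b":" + h(data))
    # 65 bytes = 520 bits, a multiple of 5, so Base32 yields no '=' padding.
    b32 = base64.b32encode(digest).decode("ascii").rstrip("=")
    truncated = b32[:chars]  # 25 characters = 125 bits, the length of the mail's example
    return "-".join(truncated[i:i + 5] for i in range(0, len(truncated), 5))


def version_of(fingerprint: str) -> int:
    """Recover the Version-ID byte from the first 5-character group."""
    first = fingerprint.split("-")[0]
    return base64.b32decode(first + "=" * (8 - len(first)))[0]


if __name__ == "__main__":
    pgp = udf_fingerprint("application/pgp-keys", SAMPLE_KEY)
    # "application/x-example-ssh-key" is a placeholder type, not a registered one.
    ssh = udf_fingerprint("application/x-example-ssh-key", SAMPLE_KEY)
    print(pgp, ssh, "distinct:", pgp != ssh)
```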