IETF Logo Mail Archive

Re: [openpgp] Fingerprints

Christoph Anton Mitterer <calestyo@scientia.net> Wed, 06 May 2015 18:38 UTC

Return-Path: <calestyo@scientia.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE1851A6FF5 for <openpgp@ietfa.amsl.com>; Wed, 6 May 2015 11:38:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xQpIong8mRf8 for <openpgp@ietfa.amsl.com>; Wed, 6 May 2015 11:38:16 -0700 (PDT)
Received: from mailgw02.dd24.net (mailgw-02.dd24.net [193.46.215.43]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FE161A6FFA for <openpgp@ietf.org>; Wed, 6 May 2015 11:38:16 -0700 (PDT)
Received: from mailpolicy-01.live.igb.homer.key-systems.net (mailpolicy-02.live.igb.homer.key-systems.net [192.168.1.27]) by mailgw02.dd24.net (Postfix) with ESMTP id 1BBFD5FC1B for <openpgp@ietf.org>; Wed, 6 May 2015 18:38:15 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at mailpolicy-02.live.igb.homer.key-systems.net
Received: from mailgw02.dd24.net ([192.168.1.36]) by mailpolicy-01.live.igb.homer.key-systems.net (mailpolicy-02.live.igb.homer.key-systems.net [192.168.1.25]) (amavisd-new, port 10236) with ESMTP id mb62cqk1W2SY for <openpgp@ietf.org>; Wed, 6 May 2015 18:38:13 +0000 (UTC)
Received: from heisenberg.fritz.box (ppp-188-174-18-198.dynamic.mnet-online.de [188.174.18.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailgw02.dd24.net (Postfix) with ESMTPSA for <openpgp@ietf.org>; Wed, 6 May 2015 18:38:12 +0000 (UTC)
Message-ID: <1430937492.28399.127.camel@scientia.net>
From: Christoph Anton Mitterer <calestyo@scientia.net>
To: IETF OpenPGP <openpgp@ietf.org>
Date: Wed, 06 May 2015 20:38:12 +0200
In-Reply-To: <CAMm+LwgE0eOD1JgLYUwA_4Gh+pm-vGGd9hPX9KoUqQ9=RHBygg@mail.gmail.com>
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com> <87d232lkb6.fsf@alice.fifthhorseman.net> <sjmlhhmakxp.fsf@securerf.ihtfp.org> <871tiupupe.fsf@littlepip.fritz.box> <1430869683.28399.109.camel@scientia.net> <CAMm+LwgE0eOD1JgLYUwA_4Gh+pm-vGGd9hPX9KoUqQ9=RHBygg@mail.gmail.com>
Content-Type: multipart/signed; micalg="sha-512"; protocol="application/x-pkcs7-signature"; boundary="=-FZpOAnf54mig3SF4AAbC"
X-Mailer: Evolution 3.12.9-1+b1
Mime-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/-BzHxeRK_OM7bSm9bUnqlGrFJp4>
Subject: Re: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2015 18:38:22 -0000

On Tue, 2015-05-05 at 21:34 -0400, Phillip Hallam-Baker wrote: 
> I don't think so. Particularly if we are going to Base32 encoding and
> make sure that there is no confusion between the legacy SHA-1
> fingerprints and the new ones.
Which is easily achieved when we add some algo/version qualifier as it
was propsed before.


> Which is why I would like to move to a fingerprint format that can be
> used with any protocol. Do it once, do it right and we don't have to
> do it again.
In principle I'd agree... apart from that I don't believe we'll never
have to do it again (in the sense of exchanging the algo).

However, as for the "core" standard I'd still only specify a simplest
form of a fingerprint string format.
e.g. something like
<algo/version>:<FPdata>
and then for the "current" algo/version e.g.
0:<base32 of the SHA3-512 FP>
(i.e. the length would be dependant on <algo/version>.

Any further specifications, like how to map this into URLs or that like
should probably go into a separate RFC.
As should any further "formats" like a QR code representation of the FP.


> We do not even need to decide on a strength. Just make is so that the
> number of significant bits is however many bits that are provided. We
> can all use SHA-2-512 or SHA-3-512 and truncate to 125, 150, 250...
> bits as the application requires.
I'm a bit sceptical about that... I think we rather should specify some
lengths/format and at least not encourage implementations to choose what
they think would be enough (cause then we have folks like GNOME which
take the first and last byte or so *grin*)

Cheers,
Chris.

v2.23.0 | Report a Bug | By Email