IETF Logo Mail Archive

Re: [openpgp] [eX-bulk] : Re: Fingerprints

"Christopher LILJENSTOLPE" <cdl@asgaard.org> Wed, 06 May 2015 18:33 UTC

Return-Path: <cdl@asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34E9E1A870B for <openpgp@ietfa.amsl.com>; Wed, 6 May 2015 11:33:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VSRR2TH7SW7X for <openpgp@ietfa.amsl.com>; Wed, 6 May 2015 11:33:24 -0700 (PDT)
Received: from smtp5.emailarray.com (smtp5.emailarray.com [65.39.216.39]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F03DC1A1E0B for <openpgp@ietf.org>; Wed, 6 May 2015 11:33:21 -0700 (PDT)
Received: (qmail 17001 invoked by uid 89); 6 May 2015 18:33:20 -0000
Received: from unknown (HELO ?204.29.149.87?) (Y2RsQGFzZ2FhcmQub3JnQDUwLjc2LjM0LjE4NQ==) (POLARISLOCAL) by smtp5.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 6 May 2015 18:33:19 -0000
From: Christopher LILJENSTOLPE <cdl@asgaard.org>
To: Vincent Breitmoser <look@my.amazin.horse>
Date: Wed, 06 May 2015 11:33:16 -0700
Message-ID: <FDF01BE3-8D9D-4BAF-BE02-EE8899C799E8@asgaard.org>
In-Reply-To: <87wq0mncy0.fsf@littlepip.fritz.box>
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com> <87d232lkb6.fsf@alice.fifthhorseman.net> <sjmlhhmakxp.fsf@securerf.ihtfp.org> <871tiupupe.fsf@littlepip.fritz.box> <1430869683.28399.109.camel@scientia.net> <CAMm+LwgE0eOD1JgLYUwA_4Gh+pm-vGGd9hPX9KoUqQ9=RHBygg@mail.gmail.com> <87y4l2noqd.fsf@littlepip.fritz.box> <87wq0mt1si.fsf@vigenere.g10code.de> <87wq0mncy0.fsf@littlepip.fritz.box>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_28DD80C0-017B-4F5A-9CF4-B32E880EE5C8_="; micalg="sha1"; protocol="application/pkcs7-signature"
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: x
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/1PO3dX_qaDUBZK36uYZHuQSN9RU>
Cc: Werner Koch <wk@gnupg.org>, Christoph Anton Mitterer <calestyo@scientia.net>, Phillip Hallam-Baker <phill@hallambaker.com>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] [eX-bulk] : Re: Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2015 18:33:26 -0000

<proto-hat off>

> On 6 May 2015, Werner Koch wrote:
>> To be future proof we should get away from SHA-1 for fingerprints
>> and use SHA-256 (or SHA-512) instead.
>
> I have no quarrel with changing the hash algo.  If it improves security
> at no cost of usability or complexity - go for it.
>
>> The external representation and even the internal use in OpenPGP is a
>> different issue and I am all in favor for truncating it to 32 bytes
>> for internal use and printing only up to 20 bytes.  This avoids extra
>> work and SHA-256 is anyway required.
>
> Sounds good to me.  I'm just afraid that if "something stronger" is
> available, people are going to use it.  Design decisions and established
> culture on top of the standard tend to be maximum conservative.  Sort of
> if you don't use the "full fingerprint" you're not doing "everything you
> can" and people will use all 32 bytes no matter if it was ever intended
> that way.  That's not a huge deal, we just need to keep it in mind.
>
> I would leave the fingerprint length at 20 bytes in the standard, if an
> implementation chooses to use more internally that's up to them.
> Defining the fingerprint to be 32 bytes, then adding "for printing, it
> SHOULD be truncated to 20 bytes" seems silly.

I think this is a reasonable approach.  The phrasing I would use would be something along the lines of:

Any implementation MUST accept a 20 byte fingerprint for validation, consisting of the first 20 bytes of the calculated fingerprint.
An implementation MAY output, or accept, a longer fingerprint, if desired.
An implementation MAY output, or accept, the legacy SHA-1 fingerprint, for interoperability, but it's use SHOULD be discouraged.

The use of RFC 4648 would make things easier, btw, and also signal the new fingerprint model.

The concept will be familiar to anyone who uses git, btw.


	Christopher

>
> - V
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp


--
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe

v2.23.0 | Report a Bug | By Email