Re: [openpgp] [eX-bulk] : Re: Fingerprints
"Christopher LILJENSTOLPE" <cdl@asgaard.org> Wed, 06 May 2015 18:34 UTC
From: Christopher LILJENSTOLPE <cdl@asgaard.org>
To: Vincent Breitmoser <look@my.amazin.horse>
Date: Wed, 06 May 2015 11:34:42 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/1nfpiQ0iAqRPPTF3GydXRKJftGM>
Cc: Werner Koch <wk@gnupg.org>, Christoph Anton Mitterer <calestyo@scientia.net>, Phillip Hallam-Baker <phill@hallambaker.com>, IETF OpenPGP <openpgp@ietf.org>
Ooops, forgot to reassert the bit....

</proto-hat off>

On 6 May 2015, at 11:33, Christopher LILJENSTOLPE wrote:

> <proto-hat off>
>
>> On 6 May 2015, Werner Koch wrote:
>>> To be future proof we should get away from SHA-1 for fingerprints
>>> and use SHA-256 (or SHA-512) instead.
>>
>> I have no quarrel with changing the hash algo. If it improves security
>> at no cost of usability or complexity - go for it.
>>
>>> The external representation and even the internal use in OpenPGP is a
>>> different issue and I am all in favor for truncating it to 32 bytes
>>> for internal use and printing only up to 20 bytes. This avoids extra
>>> work and SHA-256 is anyway required.
>>
>> Sounds good to me. I'm just afraid that if "something stronger" is
>> available, people are going to use it. Design decisions and established
>> culture on top of the standard tend to be maximum conservative. Sort of
>> if you don't use the "full fingerprint" you're not doing "everything you
>> can" and people will use all 32 bytes no matter if it was ever intended
>> that way. That's not a huge deal, we just need to keep it in mind.
>>
>> I would leave the fingerprint length at 20 bytes in the standard, if an
>> implementation chooses to use more internally that's up to them.
>> Defining the fingerprint to be 32 bytes, then adding "for printing, it
>> SHOULD be truncated to 20 bytes" seems silly.
>
> I think this is a reasonable approach. The phrasing I would use would be something along the lines of:
>
> Any implementation MUST accept a 20 byte fingerprint for validation, consisting of the first 20 bytes of the calculated fingerprint.
> An implementation MAY output, or accept, a longer fingerprint, if desired.
> An implementation MAY output, or accept, the legacy SHA-1 fingerprint, for interoperability, but its use SHOULD be discouraged.
>
> The use of RFC 4648 would make things easier, btw, and also signal the new fingerprint model.
>
> The concept will be familiar to anyone who uses git, btw.
>
> Christopher
>
>>
>> - V

--
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe
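
The acceptance rules proposed in the message above, as an added example that is not part of the original post or of any OpenPGP implementation. Assumptions: the hash input is opaque placeholder bytes rather than the real OpenPGP key-packet serialization, new-style fingerprints are RFC 4648 base32 while legacy SHA-1 ones stay hex, and the names `fingerprint` and `check` are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac

MIN_LEN, FULL_LEN = 20, 32  # bytes: mandatory truncated form, full SHA-256
SAMPLE_KEY = b"constructed sample key material"  # constructed, not a real key

def fingerprint(key_material: bytes, length: int = MIN_LEN) -> str:
    """First `length` bytes of SHA-256(key_material), base32, unpadded."""
    if not MIN_LEN <= length <= FULL_LEN:
        raise ValueError("length must be 20..32 bytes")
    digest = hashlib.sha256(key_material).digest()[:length]
    return base64.b32encode(digest).decode("ascii").rstrip("=")

def _decode_b32(text: str):
    """Tolerate spaces, hyphens, lower case and missing padding."""
    cleaned = "".join(text.split()).replace("-", "").upper()
    padded = cleaned + "=" * (-len(cleaned) % 8)
    try:
        return base64.b32decode(padded)
    except (binascii.Error, ValueError):
        return None

def check(presented: str, key_material: bytes, allow_legacy: bool = False):
    """Return 'sha256', 'sha1-legacy' or None for a presented fingerprint."""
    raw = _decode_b32(presented)
    # MUST accept 20 bytes, MAY accept up to the full 32; anything shorter
    # is refused so a short prefix can never stand in for the fingerprint.
    if raw is not None and MIN_LEN <= len(raw) <= FULL_LEN:
        expected = hashlib.sha256(key_material).digest()[:len(raw)]
        if hmac.compare_digest(raw, expected):
            return "sha256"
    if allow_legacy:  # interoperability only, off by default
        try:
            legacy = bytes.fromhex("".join(presented.split()))
        except ValueError:
            return None
        if hmac.compare_digest(legacy, hashlib.sha1(key_material).digest()):
            return "sha1-legacy"
    return None

if __name__ == "__main__":
    print(fingerprint(SAMPLE_KEY), check(fingerprint(SAMPLE_KEY, 32), SAMPLE_KEY))
```

Because 20 bytes is exactly 32 base32 characters, the truncated form is a clean prefix of the longer encodings, and the caller learns which model matched so a legacy SHA-1 match can be flagged in the user interface.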