IETF Logo Mail Archive

Re: [openpgp] Fingerprints

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 06 May 2015 20:38 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 639BE1B2EE0 for <openpgp@ietfa.amsl.com>; Wed, 6 May 2015 13:38:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.278
X-Spam-Level:
X-Spam-Status: No, score=-3.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, GB_I_LETTER=-2, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cNM296gtzaIp for <openpgp@ietfa.amsl.com>; Wed, 6 May 2015 13:38:30 -0700 (PDT)
Received: from mail-la0-x236.google.com (mail-la0-x236.google.com [IPv6:2a00:1450:4010:c03::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 042351ACE26 for <openpgp@ietf.org>; Wed, 6 May 2015 13:38:29 -0700 (PDT)
Received: by layy10 with SMTP id y10so16308505lay.0 for <openpgp@ietf.org>; Wed, 06 May 2015 13:38:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=QG4R5ozi0+xwzjRHW40Kt3XEeeJ+dryPbdTX19GE0D8=; b=boGIRfOPzkiiYVMrLL87ZL3X9Onu/uo3YIWO79w3JpMn432j7DvLdeL26y0mTs5kDB xZwm7EqEfOMszpJss4iki+m9gq86kiwGsnXsd+AC9WYbN5tpXe6pfh6XJPzbWqP0UB/+ g9o1MnIVq07F3EF6U8vtsr8hyawFo8PvRA2X4WyEpCnW6lSeEENL2A76+7udsStwAUGe 6tsTaQDFKsVtIBtPiagWBDnq8tty12XMotm2+a8z7ymqoi2RkaXJU4LDvBCFSAz6QFwk 1kgNHPRlVlGx40KiQZnLsnK0GEjkgiwDfYS2l2w+VGWsqK97QM1cHX/bDFQ3JA13A77W BFgA==
MIME-Version: 1.0
X-Received: by 10.112.202.103 with SMTP id kh7mr404663lbc.118.1430944708323; Wed, 06 May 2015 13:38:28 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Wed, 6 May 2015 13:38:27 -0700 (PDT)
In-Reply-To: <1430937492.28399.127.camel@scientia.net>
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com> <87d232lkb6.fsf@alice.fifthhorseman.net> <sjmlhhmakxp.fsf@securerf.ihtfp.org> <871tiupupe.fsf@littlepip.fritz.box> <1430869683.28399.109.camel@scientia.net> <CAMm+LwgE0eOD1JgLYUwA_4Gh+pm-vGGd9hPX9KoUqQ9=RHBygg@mail.gmail.com> <1430937492.28399.127.camel@scientia.net>
Date: Wed, 06 May 2015 16:38:27 -0400
X-Google-Sender-Auth: rvkmlsH0Z4qAu7sDlwzdfsNhkeU
Message-ID: <CAMm+Lwh2J6mMuDouc1PtBpfTU5Pcwj=+KNDehi6nwRabivoOrg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Christoph Anton Mitterer <calestyo@scientia.net>
Content-Type: multipart/mixed; boundary="001a11c3699a08bf8d05156fc785"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/1vC9EuxiJ6T1HRptOsWRUeaZDPw>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2015 20:38:32 -0000

On Wed, May 6, 2015 at 2:38 PM, Christoph Anton Mitterer
<calestyo@scientia.net> wrote:
> On Tue, 2015-05-05 at 21:34 -0400, Phillip Hallam-Baker wrote:
>> I don't think so. Particularly if we are going to Base32 encoding and
>> make sure that there is no confusion between the legacy SHA-1
>> fingerprints and the new ones.
> Which is easily achieved when we add some algo/version qualifier as it
> was propsed before.

One of the reasons I suggested the code numbers for SHA-2 and SHA-3
that I did earlier is they guarantee that the first letter of the
fingerprint will be M (SHA-2 'Merkle') or S (SHA-3 'Spongeworthy').
Thus ensuring that they are distinct from SHA1 fingerprints.


>> Which is why I would like to move to a fingerprint format that can be
>> used with any protocol. Do it once, do it right and we don't have to
>> do it again.
> In principle I'd agree... apart from that I don't believe we'll never
> have to do it again (in the sense of exchanging the algo).

The leading byte gives both the method of constructing the hash and
the algorithm to use. I suggest we define code points for SHA-2 and
SHA-3 using an identical construction approach.



> However, as for the "core" standard I'd still only specify a simplest
> form of a fingerprint string format.
> e.g. something like
> <algo/version>:<FPdata>
> and then for the "current" algo/version e.g.
> 0:<base32 of the SHA3-512 FP>
> (i.e. the length would be dependant on <algo/version>.

I think we can go even simpler:

Fingerprint = Base32ify (BinaryFP)

BinaryFP = ID + H( HashedValue)
HashedValue =  <Content-Type> ':' <Data>

Since the MIME content registry does not permit entries with a colon
in the tag, this is guaranteed to be unambiguous. And since a
Content-Type can be defined for any data object that might need to be
hashed, it can support any content.

All the PGP related information would go in the <Data> field, so that
would include the PGP format version identifier, algorithm code, etc,
etc.


> Any further specifications, like how to map this into URLs or that like
> should probably go into a separate RFC.
> As should any further "formats" like a QR code representation of the FP.

All that would be needed in the PGP spec would be a definition of the
PGP Key Packet and a MIME registration (if not already registered).

We should definitely split the consideration of QR codes etc out of
the PGP doc. We probably want to define the QR code in such a way that
a device can recognize that a QR code is intended to be a PGP key and
handle it appropriately. We also want to make sure we don't waste bits
in QR space. And it has to be possible to convert an ascii fingerprint
to QR format.


>> We do not even need to decide on a strength. Just make is so that the
>> number of significant bits is however many bits that are provided. We
>> can all use SHA-2-512 or SHA-3-512 and truncate to 125, 150, 250...
>> bits as the application requires.
> I'm a bit sceptical about that... I think we rather should specify some
> lengths/format and at least not encourage implementations to choose what
> they think would be enough (cause then we have folks like GNOME which
> take the first and last byte or so *grin*)

If we are using Base32 and character groups of 5 characters (7-2
rule), the keys naturally come in 25 bit increments.

A 125 bit fingerprint has 117 bits and looks like this:
MFRTK-NJSMF-STOMR-WG5ST-ONZXGA

If we go for 150 bits we get:
MFRTK-NJSMF-STOMR-WG5ST-ONZXGA-YDKZB

>From a security point of view, we really don't need to go beyond 128
bits unless we are planning to use 256 bit encryption.

I think that either of those is acceptable on a business card.


The QR code equivalent is manageable even without format tweaks (attached).


In 'under the covers' applications the user does not need to see, I
would hope we would support use of the 256 bit or full 512 bit
fingerprint. I would also hope we can use the possibility of an online
store to 'stretch' a fingerprint. If the user types in a 25 character
fingerprint, the system can get the rest off a key service.

v2.23.0 | Report a Bug | By Email