[openpgp] Fingerprints
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 10 April 2015 13:23 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC8CD1B354E for <openpgp@ietfa.amsl.com>; Fri, 10 Apr 2015 06:23:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VUjU2Ho4z1qc for <openpgp@ietfa.amsl.com>; Fri, 10 Apr 2015 06:23:20 -0700 (PDT)
Received: from mail-lb0-x231.google.com (mail-lb0-x231.google.com [IPv6:2a00:1450:4010:c04::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F9841B3538 for <openpgp@ietf.org>; Fri, 10 Apr 2015 06:23:20 -0700 (PDT)
Received: by lbbuc2 with SMTP id uc2so13533614lbb.2 for <openpgp@ietf.org>; Fri, 10 Apr 2015 06:23:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:cc:content-type; bh=VC8zEni9TZacoDMrp8h3H90X2lTMwf+ePuE8g2IoFLk=; b=YOC6crx+Daoz7aSMHj86OK5VqqdM4urofnIQ5oGDB30XyGdDXvzYbhHqsHgRg+/Gjv 5VLG+QDrjpoKLHb2d4e3wHvK++EWio8oGDdk7pLYtRBApcdtGqFQdJvPeEnjIRTTRM2g 6bsmn3iJ+/YYmxzf+pAB2BIr9MpkA/5jkZWLT5EajS/ZOThQ4FU4SYqb98B+omc+DeNB jL2ZJFRt6a93CIyCcP/AHZaSNUlCn9uPGn9/vuwpph6UZ0AU+W7cETxXoTfaWI4B/qTd BxRHMSmbEfDuRhJSDZ1w8nR+vDSGOtPH0rwPt/sgMfu3URy4Z3h+RfE7inS58uNK4bZv B9dA==
MIME-Version: 1.0
X-Received: by 10.152.120.8 with SMTP id ky8mr1399348lab.118.1428672198806; Fri, 10 Apr 2015 06:23:18 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.147.165 with HTTP; Fri, 10 Apr 2015 06:23:18 -0700 (PDT)
Date: Fri, 10 Apr 2015 09:23:18 -0400
X-Google-Sender-Auth: ssnSXCSzzkCe4IJPvtWd2_-oj0c
Message-ID: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/2C9gTsxTgh29W8VX8x70OYZqfUY>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Subject: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Apr 2015 13:23:22 -0000
On Fri, Apr 10, 2015 at 7:38 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > Hiya, here's the 2nd thread, starting from DKG's list. Please > discuss... (We don't need +1's for this, just tweaks, corrections, > additions etc.) If someone wanted to put this on github or > somewhere else the group can edit it, that'd also be fine. > > Ta, > S. > > a) update the fingerprint format (avoid inclusion of creation date, use > stronger digest algorithm; i'm dubious about embedding algorithm > agility in the fingerprint itself, but explicit version info in the > fingerprint might be reasonable so we don't have to keep guessing by > fpr structure for future versions) I would like to get started on this bit ASAP as it is the one that has the most long term consequences. There is no need to have an algorithm field, a version field is sufficient because we should only be using one algorithm at a given time. There is no need for a length field either. Right now, I am using a one byte version field for my scheme. I am also using SHA512 and truncating to 128 bits, then base 32 encoding. The rationale for this is * Case sensitivity breaks in many applications where fingerprints might be used. Reading over the telephone, putting them in the DNS, etc. * Fingerprints are the root of trust, there is an outside chance that SHA-2-256 might be broken but breaking SHA-2-512 truncated to 256 bits is a lot harder because it has 80 rounds rather than 64. * The birthday attack is not relevant, nor are key substitution attacks for most situations where you might want to use a fingerprint. Occasionally however, they do matter. Using SHA-2-512 and truncating makes it possible to 'upgrade' the fingerprint by just adding back the bits that were omitted. This has particular advantages when enrolling fingerprints in a TRANS like log. We can enroll the full 512 bit fingerprint without impact on things like business cards. The bit that will probably be controversial is how I am calculating them, over an X.509v3 KeyInfo block. There is method to the madness however: First, fingerprints and key hashes are appearing in many different IETF specs. We have them in HTTP key pinning and in many other specs. I would like to be able to use one key fingerprint in any situation. Adding a key or fingerprint into an identifier allows it to be 'hardened', basically we have a self authenticating identifier. This is very powerful. To have one fingerprint format that supports every protocol requires that we have a single registry of identifiers that can be used for any protocol. There will always be an OID for any protocol the IETF uses and this mechanism requires no maintenance by either IETF or IANA. If people want to use vanity crypto, they can and they don't need to come to us with a draft. They don't get to claim IETF endorsement either. As a practical matter, the impact on coding is virtually nil. The conversion between the ASCII and byte format of OIDs is a bit of a pain but it results in a byte sequence that can just be prepended to the key bytes. It is not necessary to implement a DER encoder just to calculate KeyInfo blobs any more than it is necessary to do this for implementing PKCS #1 for RSA. Low level crypto has always involved bits of ad-hoc ASN.1 and probably always will. And quite often it turns out that even the crypto libraries that contain full ASN.1 parser/encoders implement these particular structures by hand. Now if the group really wants to do something different, then I could do that. But I want to start shipping my stuff and getting people using the code. If people really can't stomach ASN.1 code then we could do some other key format. But the problem then becomes having to specify how to express new algorithms in that format.
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Werner Koch
- [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Tom Ritter
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel A. Nagy
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Stephen Paul Weber
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints David Shaw
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel Kahn Gillmor
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Designated Revokers Vincent Breitmoser
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Daniel Ranft
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel A. Nagy
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] [eX-bulk] : Re: Fingerprints Christopher LILJENSTOLPE
- Re: [openpgp] [eX-bulk] : Re: Fingerprints Christopher LILJENSTOLPE
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- [openpgp] [RFC4880bis PATCH] Deprecate "Revocatio… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Neal H. Walfield
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Werner Koch
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… vedaal
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Paul Wouters
- Re: [openpgp] [Suspected Junk Mail] Re: [RFC4880b… vedaal
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [Suspected Junk Mail] Re: [RFC4880b… Daniel Kahn Gillmor