Re: [openpgp] The checksum may appear

Paul Wouters <paul@nohats.ca> Thu, 29 April 2021 03:58 UTC

Date: Wed, 28 Apr 2021 23:58:19 -0400
From: Paul Wouters <paul@nohats.ca>
To: Ángel <angel@16bits.net>
cc: openpgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/3ak-1DUnP9Idv-qvarzrHtbR9pk>

On Thu, 25 Mar 2021, Ángel wrote:

It is not clear to me what the WG would like to do here on the
"optional checksum" item.

Ángel proposed something, Werner agreed, but then Ángel wasn't sure
anymore. It would be good to get more and/or clarified views on this
issue.

Paul


> On 2021-03-19 at 07:54 +0100, Werner Koch wrote:
>> > -The checksum with its leading equal sign MAY appear on the first line
>> > after the base64 encoded data.
>> > +If present, the checksum with its leading equal sign SHALL appear on
>> > the next line after the base64 encoded data.
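
Review bot: In the added sentence, "If present" is the only place the checksum's optionality is expressed, and it carries no requirement keyword, so with the MAY removed the text no longer says outright that a producer may omit the checksum or how a consumer treats an armor block without one. Suggest stating in its own sentence that the checksum is OPTIONAL and keeping the SHALL only for its position. "The next line" should also be tied explicitly to the last line of base64 data, so that it is clear whether blank lines in between are permitted.
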
>> 
>> Adding "optional" and making the CRC a SHOULD create indeed clarifies
>> the intention of the RFC.  Thus I am in favor of this change.
>
> Note I wasn't placing the latter. I only stated that you can only place
> the checksum at the end.
> I was planning to treat this as a feature request and add a phrase with
> such a SHOULD, since I agree it's a good idea, but it turns out I can't come
> up with a better rationale than “it's cheap enough it makes sense to
> do it even if not giving much value”.
>
> What is the goal of the armor CRC?
> The only good use case I can think of is when a human has been
> involved, such as when restoring a key from paper.
>
> In other scenarios, the CRC would either be too weak (e.g. in the presence
> of an active attacker) or protecting from an error that would already
> have been handled at lower layers.
> [1] and [2] suggest it was added to avoid modem line noise altering the
> messages (which nowadays should be discarded at e.g. TCP).
>
> Without a compelling use case, I don't think it should be a SHOULD.
> And finally, we should at least mention why it was once considered
> useful.
>
>
> The original change is available in git mode at
> https://gitlab.com/Angel-Gonzalez/rfc4880bis/-/tree/checksum-may-appear
>
>
> Best regards
>
> 1- https://mailarchive.ietf.org/arch/msg/openpgp/3K6tSdebEjQw8K1z1pZkXxyvu-k/
> 2- https://mailarchive.ietf.org/arch/msg/openpgp/2FmAqP-nJkV08E1qQ4YNO2xR2Pc/
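
The armor checksum discussed in this thread, as an added example (not part of the original messages and not taken from any OpenPGP implementation): the CRC-24 from RFC 4880 section 6.1 and a checker that treats the `=XXXX` line as optional and only accepts it as the last line. Function names and result strings are assumptions for illustration, and only the armor body is handled, not the header and footer lines.

```python
import base64
import binascii

CRC24_INIT = 0xB704CE   # RFC 4880, section 6.1
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 as used for the OpenPGP armor checksum."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor_body(data: bytes, with_crc: bool = True) -> str:
    """Encode data as armor body lines (64 chars each), checksum optional."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    if with_crc:
        crc_bytes = crc24(data).to_bytes(3, "big")
        lines.append("=" + base64.b64encode(crc_bytes).decode())
    return "\n".join(lines)


def check_armor_body(body: str) -> str:
    """Return 'ok', 'no-checksum', 'crc-mismatch' or 'bad-base64'."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    checksum = None
    # The checksum is '=' plus 4 base64 characters, and only as the last line.
    if lines and len(lines[-1]) == 5 and lines[-1].startswith("="):
        checksum = lines.pop()[1:]
    try:
        data = base64.b64decode("".join(lines), validate=True)
        if checksum is None:
            return "no-checksum"
        expected = int.from_bytes(
            base64.b64decode(checksum, validate=True), "big")
    except binascii.Error:
        return "bad-base64"
    return "ok" if crc24(data) == expected else "crc-mismatch"
```

A single mistyped base64 character, as in the restore-from-paper case, yields `crc-mismatch`. Because the checksum is unkeyed, anyone who changes the data can recompute it, so `ok` says nothing about authenticity.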