Re: [openpgp] Mining protection in fingerprint schemes

Phillip Hallam-Baker <phill@hallambaker.com> Sat, 16 April 2016 20:16 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA74B12DF01 for <openpgp@ietfa.amsl.com>; Sat, 16 Apr 2016 13:16:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.4
X-Spam-Level:
X-Spam-Status: No, score=-2.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0UnK-rq5Sfgt for <openpgp@ietfa.amsl.com>; Sat, 16 Apr 2016 13:16:28 -0700 (PDT)
Received: from mail-lf0-x233.google.com (mail-lf0-x233.google.com [IPv6:2a00:1450:4010:c07::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9FB212DEFF for <openpgp@ietf.org>; Sat, 16 Apr 2016 13:16:27 -0700 (PDT)
Received: by mail-lf0-x233.google.com with SMTP id g184so179220343lfb.3 for <openpgp@ietf.org>; Sat, 16 Apr 2016 13:16:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=hkqmyQ3nDhIsdpDJyTaUwD43dm8F50pzLn6gGsijHXA=; b=bwE7BbCMV/swzycSqkGzLyKRj4oYtt5rj2hYAieIftUHgHRTBErXlg0gmDadWDrmQw icCuqyg8NgigPbslJuMhTRgRJlKrry+2r2sfF192d5D7cUKhqdnH8FToutcxRbrCC20P i9nq7TEspKjkG0/kI7al5cTLqMtSql8adQ6khpB6vK+pRKWpZ7Y6EsKKr/TCDftjMJI3 YwgnjIHt9G9Hs8GJdRmqjd3tonEnA9QTX6nx+A0xezbJVCldSFjPUAKFQN3AbOTgbqvZ loQP8DibiP2GOzCFsIFf+GaYwRZNTi3g6oNxtnwIv3Qz2c12my+yiUV/ZX8ro1t57GJQ 6bbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=hkqmyQ3nDhIsdpDJyTaUwD43dm8F50pzLn6gGsijHXA=; b=Lmt5d+hKyVlVN47WhwpHkLtt+sU/mHZjmPcncmytu3ZGuqUvA6/VJdEBsVNDQVCdKg kAKFQFp32CuDPz/pS3jGRK6cnHKJjI8GU8lcBcgTVtHgp3baYvji5mHUXlHsCMJu8J7J gBnX2uaz6YGEE23HgDj8PIIJlocH8rVDOoeHeyeIDbvVCF6xh3AYXmC24a5jZ5T3LxiM uOMz6T9TueXh+AmrUQKPXbVpFYQ03P3DLOM2kbKhvvKdZRcc1ZwyTOQyck6BCpB/Uocc AfMy13ZbYOERW8wSwx/rgbTDLdke3LV9Z2cksnNxf44rSjUZjkv0atIBZ1TxtOacrEN1 pwXA==
X-Gm-Message-State: AOPr4FX5aqVAWiL5X4QdHDAW4ZAVCsbaiFkStxJS9GHIb7eO4JHVRhDxlb7l+5hwBPLNH/tBKqkwMWVXwuyNtw==
MIME-Version: 1.0
X-Received: by 10.112.181.38 with SMTP id dt6mr11502782lbc.114.1460837785834; Sat, 16 Apr 2016 13:16:25 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.3.102 with HTTP; Sat, 16 Apr 2016 13:16:25 -0700 (PDT)
In-Reply-To: <87wpo3smzj.fsf@alice.fifthhorseman.net>
References: <4C08CDDD-4C06-41AD-9797-7DD6F08ECD06@gmail.com> <2AA5B912-0AE6-4722-8BC7-66E37559C0B1@callas.org> <D17B23A3-633F-4E4E-BC14-69ED6060F357@gmail.com> <6E221A61-7AB2-4E0B-B64D-60F210A0131F@callas.org> <E9A5B4B3-0EEC-4E86-8CEC-6680A24BE44F@gmail.com> <0D7A75AB-74C6-40E9-87C5-BA6F05FCDBF7@callas.org> <87oa9jo5sp.fsf@alice.fifthhorseman.net> <9C461E78-DC60-4B9D-A0DF-170F4759A57D@callas.org> <5E793A3D-128D-470A-8DF7-50827F39E02F@gmail.com> <20160410211449.GA12408@littlepip.fritz.box> <CAMm+Lwgqbv4S94M2xYua4gAOWFxr_Kt5y6X8tQEWkaf7weeH+A@mail.gmail.com> <87wpo3smzj.fsf@alice.fifthhorseman.net>
Date: Sat, 16 Apr 2016 16:16:25 -0400
X-Google-Sender-Auth: 3v_bDnBh5nac5x0JQ8oyCztNeWA
Message-ID: <CAMm+LwgJV8qDSz=JKXzYLg6JuPeOjLVamhJEhORwa6z1AGG+Lw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/4Q7Ck6cSHuvIiakls8ru_neTIIs>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Mining protection in fingerprint schemes
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Apr 2016 20:16:30 -0000

As a general rule, humans remember 7+/-2 items in short term (working) memory.

So trying to compare two 25 character, base32 fingerprints is going to
be error prone. This is why I use character grouping in my UDF
proposal to group them into blocks of 5. But even that isn't ideal by
any means.

So yes, I agree with DKG that typing a fingerprint in (or cut n'
paste) is often the way to go.


As I see it, Base32 is the 'mandatory to implement' option. We need it
because that is the only thing that is going to work in circumstances
for which we currently use PGP fingerprints (and all the other stuff I
want to support).

But I don't have to be limited to just that when I am connecting my
new watch to my personal set of connected devices. For that, a better
choice would be a vocabulary of words or images. If the vocabulary has
65536 entries, I can encode the entire fingerprint in 6-8 images
(depending on whether I choose to use work hardening).

This is an option of course. But it is a very good option to have for
two reasons. First it allows us to make crypto easier. But secondly,
it gives a lot of people who want to help make crypto happen a
tangible thing that they can work on that will help.

I see compiling the dictionary as a campaign tool opportunity.
Something that groups like the EFF, ACLU and such could kick off.
Sanitizing a vocabulary of 64K English words would be a task a student
could complete in a week. With that proof point and the tools, we
would then create dictionaries for the next 32 most used languages
through crowd sourcing.

Every person who worked on the project would be invested in the
success. They would be advocates for the system they invested in.


The other approach I am rather taken by is a modification of the
'synchronized LED blink' scheme someone proposed here. It turns out
there is quite a bit of prior art.

Say you are in a data center. There is a red light on every CPU card,
they all blink in synchronization. This tells you two things, First
that they are all connected to the same clock with negligible skew and
secondly that they are all controlled under the same root of trust.
Isn't that exactly the sort of information that it would be great to
have in a data center?

The modification that I would like to see is that instead of just
turning an LED on or off, it can be used to broadcast additional data
or the root of trust data at a higher bitrate.

The upshot of that is that when I hold a camera up to the LED, such as
the one on my smartphone, it can capture data from the device at a
rate of 10-Baud or so. (30fps camera / 2 - overhead). Its not exactly
fast but I can get a machine readout of the trust root fingerprint and
the machine fingerprint in half a minute (125 bits each)

I don't know about you, but I for one would have loved being able to
find out what a device was and what was controlling it in 30 seconds
without unplugging it back when I did big data center stuff.

Again, it is an option, it is not the mandatory to implement. But the
point of having a standard is to choose something that works for both
the narrow case and can be extended to new and interesting uses as
well.