Re: including the entire fingerprint of the issuer in an OpenPGP certification
Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 18 January 2011 02:42 UTC
Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0I2gCIF010991 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jan 2011 19:42:12 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0I2gBvS010990; Mon, 17 Jan 2011 19:42:11 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0I2g7mN010985 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL) for <ietf-openpgp@imc.org>; Mon, 17 Jan 2011 19:42:11 -0700 (MST) (envelope-from pgut001@login01.fos.auckland.ac.nz)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1295318531; x=1326854531; h=from:to:subject:cc:in-reply-to:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20ietf-openpgp@imc.org,=20jon@callas.org|Subject:=20 Re:=20including=20the=20entire=20fingerprint=20of=20the =20issuer=20in=20an=20OpenPGP=20certification|Cc:=20notmu ch@notmuchmail.org|In-Reply-To:=20<AFC1EADB-7F7E-4090-A85 8-8C0012C9ED94@callas.org>|Message-Id:=20<E1Pf1WI-0007aL- EN@login01.fos.auckland.ac.nz>|Date:=20Tue,=2018=20Jan=20 2011=2015:42:06=20+1300; bh=3DMPLArlr7HcMTiIHRGvceJOoZFivevah/uYaAEDYOA=; b=A/nK60EhT3z+k+VWFUpTShN+zieWm8EqIvb5e/+6aHwYK+WO63W+PihW GzFRCKuHc234cXJfHImVqlynzZkRHM8RwPMOjv4mRwRCf958PglyZCvNr vEeVzcKk/8UA5OOCnsX7rC8tE+Wv49+Vf4FyfHZMTNG5yWRAR17hOBNzW 8=;
X-IronPort-AV: E=Sophos;i="4.60,336,1291546800"; d="scan'208";a="42689730"
X-Ironport-HAT: APP-SERVERS - $RELAYED
X-Ironport-Source: 130.216.33.150 - Outgoing - Outgoing
Received: from mf1.fos.auckland.ac.nz ([130.216.33.150]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 18 Jan 2011 15:42:06 +1300
Received: from login01.fos.auckland.ac.nz ([130.216.34.40]) by mf1.fos.auckland.ac.nz with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1Pf1WI-000611-Hh; Tue, 18 Jan 2011 15:42:06 +1300
Received: from pgut001 by login01.fos.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1Pf1WI-0007aL-EN; Tue, 18 Jan 2011 15:42:06 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: ietf-openpgp@imc.org, jon@callas.org
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
Cc: notmuch@notmuchmail.org
In-Reply-To: <AFC1EADB-7F7E-4090-A858-8C0012C9ED94@callas.org>
Message-Id: <E1Pf1WI-0007aL-EN@login01.fos.auckland.ac.nz>
Date: Tue, 18 Jan 2011 15:42:06 +1300
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Jon Callas <jon@callas.org> writes: >On the other hand, this has never been a problem. It's harder than you think, >because you have to generate a new key each time, which takes a while on RSA. Only if you want a secure key. For SSH fuzzy fingerprinting the limiting factor is the hashing, not the rate at which you can crank out keys, as long as you don't mind that the keys aren't very secure. OK, they're not secure at all, but that doesn't matter since you're going for spoofing, not a secure signature forgery. Peter.
- Re: including the entire fingerprint of the issue… Ian G
- Re: including the entire fingerprint of the issue… Avi
- Re: including the entire fingerprint of the issue… David Shaw
- Re: including the entire fingerprint of the issue… Peter Pentchev
- Re: including the entire fingerprint of the issue… Avi
- Re: including the entire fingerprint of the issue… Jon Callas
- Re: including the entire fingerprint of the issue… Jon Callas
- Re: including the entire fingerprint of the issue… Ian G
- Re: including the entire fingerprint of the issue… David Shaw
- Re: including the entire fingerprint of the issue… Daniel A. Nagy
- Re: including the entire fingerprint of the issue… Werner Koch
- Re: including the entire fingerprint of the issue… Daniel Kahn Gillmor
- Re: including the entire fingerprint of the issue… Peter Gutmann
- Re: including the entire fingerprint of the issue… David Shaw
- Re: including the entire fingerprint of the issue… Daniel Kahn Gillmor
- Re: including the entire fingerprint of the issue… Daniel Kahn Gillmor
- Re: including the entire fingerprint of the issue… David Shaw
- Re: including the entire fingerprint of the issue… Daniel A. Nagy
- Re: including the entire fingerprint of the issue… David Shaw
- Re: including the entire fingerprint of the issue… Daniel Kahn Gillmor
- Re: including the entire fingerprint of the issue… Jon Callas
- Re: including the entire fingerprint of the issue… David Shaw
- Re: including the entire fingerprint of the issue… Daniel A. Nagy
- Re: including the entire fingerprint of the issue… Werner Koch
- Re: including the entire fingerprint of the issue… Ian G
- Re: including the entire fingerprint of the issue… Jon Callas
- Re: including the entire fingerprint of the issue… Daniel Kahn Gillmor
- Re: including the entire fingerprint of the issue… David Shaw
- Re: including the entire fingerprint of the issue… Daniel Kahn Gillmor
- Re: including the entire fingerprint of the issue… Peter Gutmann
- Re: including the entire fingerprint of the issue… Jon Callas
- including the entire fingerprint of the issuer in… Daniel Kahn Gillmor