Re: including the entire fingerprint of the issuer in an OpenPGP certification

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 18 January 2011 02:42 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: ietf-openpgp@imc.org, jon@callas.org
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
Cc: notmuch@notmuchmail.org
In-Reply-To: <AFC1EADB-7F7E-4090-A858-8C0012C9ED94@callas.org>
Message-Id: <E1Pf1WI-0007aL-EN@login01.fos.auckland.ac.nz>
Date: Tue, 18 Jan 2011 15:42:06 +1300

Jon Callas <jon@callas.org> writes:

>On the other hand, this has never been a problem. It's harder than you think, 
>because you have to generate a new key each time, which takes a while on RSA.

Only if you want a secure key. For SSH fuzzy fingerprinting the limiting 
factor is the hashing, not the rate at which you can crank out keys, as long 
as you don't mind that the keys aren't very secure. OK, they're not secure at 
all, but that doesn't matter since you're going for spoofing, not a secure 
signature forgery.

Peter.