Re: [openpgp] V5 Fingerprint again
Vincent Breitmoser <look@my.amazin.horse> Thu, 02 March 2017 11:41 UTC
Return-Path: <look@my.amazin.horse>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DF4B1294A1 for <openpgp@ietfa.amsl.com>; Thu, 2 Mar 2017 03:41:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dmYYfXkwnS7u for <openpgp@ietfa.amsl.com>; Thu, 2 Mar 2017 03:41:34 -0800 (PST)
Received: from mail.mugenguild.com (mugenguild.com [5.135.189.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21E0912986F for <openpgp@ietf.org>; Thu, 2 Mar 2017 03:41:33 -0800 (PST)
Received: from dhcp177-253.wlan.rz.tu-bs.de (dhcp177-253.wlan.rz.tu-bs.de [134.169.177.253]) by mail.mugenguild.com (Postfix) with ESMTPSA id A9F195FA58; Thu, 2 Mar 2017 12:41:30 +0100 (CET)
Date: Thu, 02 Mar 2017 12:41:27 +0100
User-Agent: K-9 Mail for Android
In-Reply-To: <87lgsoah35.fsf@wheatstone.g10code.de>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com> <CADGaDpFoBt1=eZHxo4q=Yb24NYyy1sudFn_h=MTZE3_wiRVXJw@mail.gmail.com> <87lgsoah35.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----UEE0YQZMY7DYNY594MNPLA5184XD2E"
Content-Transfer-Encoding: 7bit
To: openpgp@ietf.org
CC: IETF OpenPGP <openpgp@ietf.org>
From: Vincent Breitmoser <look@my.amazin.horse>
Message-ID: <9E0B568A-6BFB-402B-A445-C1B31FF4D9A6@my.amazin.horse>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/4y8Ujl4u30AGcifo2ckRt-i9TKg>
Subject: Re: [openpgp] V5 Fingerprint again
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2017 11:41:36 -0000
I think we can go slightly further here for depreciation in implementation logic: if a primary key is self signed with a stronger algorithm, a sha1 signature can be considered a security error. This avoids a downgrade scenario and catches misconfigurations but should have little potential for false positives. The only scenario I can think of where this heuristic is off, is when the sender doesn't create their key themselves and isn't itself capable of stronger hashes. Not sure if that ever happens? - V
- [openpgp] V5 Fingerprint again Phillip Hallam-Baker
- Re: [openpgp] V5 Fingerprint again KellerFuchs
- Re: [openpgp] V5 Fingerprint again Thijs van Dijk
- Re: [openpgp] V5 Fingerprint again Thijs van Dijk
- Re: [openpgp] V5 Fingerprint again Werner Koch
- Re: [openpgp] V5 Fingerprint again Werner Koch
- Re: [openpgp] V5 Fingerprint again Robert J. Hansen
- Re: [openpgp] V5 Fingerprint again Leo Gaspard
- Re: [openpgp] V5 Fingerprint again Derek Atkins
- Re: [openpgp] V5 Fingerprint again Werner Koch
- Re: [openpgp] V5 Fingerprint again Thijs van Dijk
- Re: [openpgp] V5 Fingerprint again Leo Gaspard
- Re: [openpgp] V5 Fingerprint again Vincent Breitmoser
- Re: [openpgp] V5 Fingerprint again Thijs van Dijk
- Re: [openpgp] V5 Fingerprint again Vincent Breitmoser
- Re: [openpgp] V5 Fingerprint again KellerFuchs