[openpgp] Crypto on Rails
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 16 July 2015 15:59 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BA1E1A90B9 for <openpgp@ietfa.amsl.com>; Thu, 16 Jul 2015 08:59:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.423
X-Spam-Level: *
X-Spam-Status: No, score=1.423 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G8tAjPboNa_o for <openpgp@ietfa.amsl.com>; Thu, 16 Jul 2015 08:59:39 -0700 (PDT)
Received: from mail-lb0-x231.google.com (mail-lb0-x231.google.com [IPv6:2a00:1450:4010:c04::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 987921A9071 for <openpgp@ietf.org>; Thu, 16 Jul 2015 08:59:38 -0700 (PDT)
Received: by lblf12 with SMTP id f12so46402765lbl.2 for <openpgp@ietf.org>; Thu, 16 Jul 2015 08:59:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=QTg+bb/W/iXuUDE/e3E4g8PS5g2uuDPVfuuaOmh+Og8=; b=SkkRW1UzLTyuKcwUCsrL9gbEcxQm1W8aSBGoB4yB8G/uT/vOa1YVfWxfPKat5soyuk BB7L/j77wYf9iMPYLW6e24XdUIreSSxj+P86M6ZaUEsREDUSXmmE2dSulCvR6Uw9snts 1zVApnKby07mZ/UC1fEhkFG7NETax5l8UVPtpVIFZdJkHyIuSJn89lZfO0lumTlTECti X+UhxZ3zuuHA8qwdXScg//cxCG/WQ58XpeaFADysn9+P+9Whk8ZWHweTRLkL8sSHLHjr fFF4Ni1TAD9msrYGp+JbWXvc6EZKCyElTJuwdVLzGAhKLr6WjWKh9ZkWPalW0KzfDiGX W7NQ==
MIME-Version: 1.0
X-Received: by 10.112.167.202 with SMTP id zq10mr9776326lbb.118.1437062377136; Thu, 16 Jul 2015 08:59:37 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Thu, 16 Jul 2015 08:59:37 -0700 (PDT)
Date: Thu, 16 Jul 2015 11:59:37 -0400
X-Google-Sender-Auth: 4JmThZqR8obzHcHV3fdLasCv9mg
Message-ID: <CAMm+LwjehQXW=S0jEFjRDCHS4z7X_AxuziA=F8GBo2U1SJ2Dkg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: IETF OpenPGP <openpgp@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c269c28268f6051b0028ce"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/6KMcOVsMd7Jf6xaNRcazxetgB9M>
Subject: [openpgp] Crypto on Rails
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2015 15:59:40 -0000
I haven't actually used Ruby on Rails to build anything. But I have frequently adopted the Rails approach of eliminating all the unnecessary interface code between system X and system Y by insisting that the structures are represented in as close to the same form on both systems, forbidding pointless variations that only create unnecessary corner cases. Over the past few weeks I have been trying the same approach in crypto and the results are pretty interesting. Insisting that every name of a static object be the digest fingerprint of the object referenced has allowed me to remove about ten thousand lines of code. In JOSE for example, we have a 'kid' property for the Key Identifier. This can be anything the programmer likes: * Fingerprint of a certificate * Fingerprint of a Key * PGP fingerprint * Random friendly name Conventions can vary at the sender and receiver. What this means is that the identifiers in different apps have subtly different semantics. In some instances an identifier is unique to a key, in others it is unique to an account. Sometimes a name is authentically bound to something, other times it isn't. In short, there is variation without value but introducing considerable scope for confusion, error and misinterpretation. If we can introduce a fingerprint format that can be used on any type of input data without semantic substitution attacks, we can make interfacing OpenPGP to other types of cryptosystem a lot easier and simplify the implementation and deployment of all types of crypto system.
- [openpgp] Crypto on Rails Phillip Hallam-Baker
- Re: [openpgp] Crypto on Rails Ben McGinnes