IETF Logo Mail Archive

Re: [openpgp] Expected client behaviour ambiguity in signature verification

Daniel Huigens <d.huigens@protonmail.com> Fri, 15 July 2022 14:25 UTC

Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDDCAC18873F for <openpgp@ietfa.amsl.com>; Fri, 15 Jul 2022 07:25:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TeKEP6LzmlNZ for <openpgp@ietfa.amsl.com>; Fri, 15 Jul 2022 07:25:50 -0700 (PDT)
Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA9F4C18873E for <openpgp@ietf.org>; Fri, 15 Jul 2022 07:25:49 -0700 (PDT)
Date: Fri, 15 Jul 2022 14:25:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1657895147; x=1658154347; bh=8Pw12sh9iHcxAwXtivA5YV4Qp55JScrcW0GQtWc3b80=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:Feedback-ID:From:To:Cc:Date:Subject:Reply-To: Feedback-ID:Message-ID; b=noQFvcBojMJNvFlbb2e94VabyyNmakruMy3HkmrbRdv9J57+Llb8b6gI1okRGxr3F nE/YLeZLQvT7GytD7/CUWJybXfRf+EHsxyBxSTpIWz7nYEFTHRXXvNsCNzXtarl5xJ 3f+WfSON+788QB1QIRsSTaf0zDJebxokcCKlWMTTSvSbTUusoKNeinfwSkL/e0NiIq EsJL5qhkSFmqoMx000/PjBI7vR06fTvYLWPVaMqgg7YA94yXeucg4tVXuNLjtoq7bc 8pNON6dtA3kvU9aDRLNi0ZxqwIvklCBHrzRoOhJOPFQjWLTg9Z6Ey/7WWlIl7JMOHk dqcDjgwjMxLQQ==
To: Andrew Gallagher <andrewg@andrewg.com>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: NIIBE Yutaka <gniibe@fsij.org>, Justus Winter <justus@sequoia-pgp.org>, openpgp@ietf.org
Reply-To: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <Xsi4cfl-3WekivJxtTFaLQnzwmNPn6RF3nHdF99G1qZU_e1iLB7ewnR-zRZP9HbdWQvIEQZqTb9CrniOKvufk8mkleyV2PZs8XLDfCQXrFo=@protonmail.com>
In-Reply-To: <25F2FE86-5B9E-4211-A526-FBCBD18EAA30@andrewg.com>
References: <d0483dcb-025b-37c2-9a26-e42133b506ac@andrewg.com> <HcMPnSrBDMEb2UqLScL9OTrornuJln5O0WG0ZBe2FLW3Q3YbJ9plFBKGJGdWYyVF-Wz9HA6supa9tXH5y8DfJTe05cUD5Uk0VciCnGuQNMo=@protonmail.com> <87pmifx2km.fsf@europ.lan> <Gjz95aE4GW3B-PIIf3VWobfxKwlSPyI-yU5L7B5zM-6QBv48RXZrrXvIkFQ5NUd9g64Ai9Adzqxahueo5LEqWRCY-Hjj9dRZeI2JYlaWqd4=@protonmail.com> <87let3wxtj.fsf@europ.lan> <ejV91k6cLZSWu6XKlMLLyVhrwpYOJWOD6q4Ekp6veU53kVA4kSNM1zZ1EoCJG2QJLlYoq2Rylxd7LWxssmPji5ozUn8iZHiD1f3x8vqJ2wc=@protonmail.com> <637768CF-CD88-4A2C-BC58-EE2945A1F008@andrewg.com> <IdS0-BxA6w80HLI578WI9YpxpzFb0MbynW3DOEhCWSF825_1qT6Dj6KlYX5CYs9-VYOJoNlj-8KZ6dd6ywX3xufc11_k_vScRCI-F1ik9XM=@protonmail.com> <25F2FE86-5B9E-4211-A526-FBCBD18EAA30@andrewg.com>
Feedback-ID: 2934448:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/74pQ5ukGDoMeunlKo1dIhxA2bUs>
Subject: Re: [openpgp] Expected client behaviour ambiguity in signature verification
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jul 2022 14:25:55 -0000

Just to get back to the original question; I wanted to ask the
implementations that don't do this check (GnuPG and Sequoia), whether
there are any particular reasons for that? Are there many keys out
there that fail this check? I understood that GitHub has one, generated
using OpenPGP.php, would it be possible to ask them to generate a new
key, or modify their existing one? (Someone could do that for them, I
guess :)) Or are there too many keys like this out there?

And then, in the case that we can't solve this for v4, let's at least
try to prevent this from happening again with v5 keys. E.g., we could:

1. Write in the spec that implementations SHOULD do this check for v5
   signatures, or
2. Remove the two hash bytes (and thus the check, obviously) from
   v5 signatures

I'd be happy to make MRs for these, if it's useful, but I guess these
are simple enough that we can discuss them here. I slightly prefer
option 2, while Justus didn't like option 2, I think. Any other
opinions? :)

Best,
Daniel

v2.23.0 | Report a Bug | By Email