Re: [openpgp] Expected client behaviour ambiguity in signature verification
Daniel Huigens <d.huigens@protonmail.com> Fri, 15 July 2022 14:25 UTC
Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDDCAC18873F for <openpgp@ietfa.amsl.com>; Fri, 15 Jul 2022 07:25:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TeKEP6LzmlNZ for <openpgp@ietfa.amsl.com>; Fri, 15 Jul 2022 07:25:50 -0700 (PDT)
Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA9F4C18873E for <openpgp@ietf.org>; Fri, 15 Jul 2022 07:25:49 -0700 (PDT)
Date: Fri, 15 Jul 2022 14:25:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1657895147; x=1658154347; bh=8Pw12sh9iHcxAwXtivA5YV4Qp55JScrcW0GQtWc3b80=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:Feedback-ID:From:To:Cc:Date:Subject:Reply-To: Feedback-ID:Message-ID; b=noQFvcBojMJNvFlbb2e94VabyyNmakruMy3HkmrbRdv9J57+Llb8b6gI1okRGxr3F nE/YLeZLQvT7GytD7/CUWJybXfRf+EHsxyBxSTpIWz7nYEFTHRXXvNsCNzXtarl5xJ 3f+WfSON+788QB1QIRsSTaf0zDJebxokcCKlWMTTSvSbTUusoKNeinfwSkL/e0NiIq EsJL5qhkSFmqoMx000/PjBI7vR06fTvYLWPVaMqgg7YA94yXeucg4tVXuNLjtoq7bc 8pNON6dtA3kvU9aDRLNi0ZxqwIvklCBHrzRoOhJOPFQjWLTg9Z6Ey/7WWlIl7JMOHk dqcDjgwjMxLQQ==
To: Andrew Gallagher <andrewg@andrewg.com>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: NIIBE Yutaka <gniibe@fsij.org>, Justus Winter <justus@sequoia-pgp.org>, openpgp@ietf.org
Reply-To: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <Xsi4cfl-3WekivJxtTFaLQnzwmNPn6RF3nHdF99G1qZU_e1iLB7ewnR-zRZP9HbdWQvIEQZqTb9CrniOKvufk8mkleyV2PZs8XLDfCQXrFo=@protonmail.com>
In-Reply-To: <25F2FE86-5B9E-4211-A526-FBCBD18EAA30@andrewg.com>
References: <d0483dcb-025b-37c2-9a26-e42133b506ac@andrewg.com> <HcMPnSrBDMEb2UqLScL9OTrornuJln5O0WG0ZBe2FLW3Q3YbJ9plFBKGJGdWYyVF-Wz9HA6supa9tXH5y8DfJTe05cUD5Uk0VciCnGuQNMo=@protonmail.com> <87pmifx2km.fsf@europ.lan> <Gjz95aE4GW3B-PIIf3VWobfxKwlSPyI-yU5L7B5zM-6QBv48RXZrrXvIkFQ5NUd9g64Ai9Adzqxahueo5LEqWRCY-Hjj9dRZeI2JYlaWqd4=@protonmail.com> <87let3wxtj.fsf@europ.lan> <ejV91k6cLZSWu6XKlMLLyVhrwpYOJWOD6q4Ekp6veU53kVA4kSNM1zZ1EoCJG2QJLlYoq2Rylxd7LWxssmPji5ozUn8iZHiD1f3x8vqJ2wc=@protonmail.com> <637768CF-CD88-4A2C-BC58-EE2945A1F008@andrewg.com> <IdS0-BxA6w80HLI578WI9YpxpzFb0MbynW3DOEhCWSF825_1qT6Dj6KlYX5CYs9-VYOJoNlj-8KZ6dd6ywX3xufc11_k_vScRCI-F1ik9XM=@protonmail.com> <25F2FE86-5B9E-4211-A526-FBCBD18EAA30@andrewg.com>
Feedback-ID: 2934448:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/74pQ5ukGDoMeunlKo1dIhxA2bUs>
Subject: Re: [openpgp] Expected client behaviour ambiguity in signature verification
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jul 2022 14:25:55 -0000
Just to get back to the original question; I wanted to ask the implementations that don't do this check (GnuPG and Sequoia), whether there are any particular reasons for that? Are there many keys out there that fail this check? I understood that GitHub has one, generated using OpenPGP.php, would it be possible to ask them to generate a new key, or modify their existing one? (Someone could do that for them, I guess :)) Or are there too many keys like this out there? And then, in the case that we can't solve this for v4, let's at least try to prevent this from happening again with v5 keys. E.g., we could: 1. Write in the spec that implementations SHOULD do this check for v5 signatures, or 2. Remove the two hash bytes (and thus the check, obviously) from v5 signatures I'd be happy to make MRs for these, if it's useful, but I guess these are simple enough that we can discuss them here. I slightly prefer option 2, while Justus didn't like option 2, I think. Any other opinions? :) Best, Daniel
- [openpgp] Expected client behaviour ambiguity in … Andrew Gallagher
- Re: [openpgp] Expected client behaviour ambiguity… Jonathan McDowell
- Re: [openpgp] Expected client behaviour ambiguity… Andrew Gallagher
- Re: [openpgp] Expected client behaviour ambiguity… Nickolay Olshevsky
- Re: [openpgp] Expected client behaviour ambiguity… Daniel Huigens
- Re: [openpgp] Expected client behaviour ambiguity… Justus Winter
- Re: [openpgp] Expected client behaviour ambiguity… Justus Winter
- Re: [openpgp] Expected client behaviour ambiguity… Jonathan McDowell
- Re: [openpgp] Expected client behaviour ambiguity… Justus Winter
- Re: [openpgp] Expected client behaviour ambiguity… Daniel Huigens
- Re: [openpgp] Expected client behaviour ambiguity… Andrew Gallagher
- Re: [openpgp] Expected client behaviour ambiguity… Justus Winter
- Re: [openpgp] Expected client behaviour ambiguity… Daniel Huigens
- Re: [openpgp] Expected client behaviour ambiguity… Paul Schaub
- Re: [openpgp] Expected client behaviour ambiguity… Justus Winter
- Re: [openpgp] Expected client behaviour ambiguity… Daniel Huigens
- Re: [openpgp] Expected client behaviour ambiguity… Peter Gutmann
- Re: [openpgp] Expected client behaviour ambiguity… Justus Winter
- Re: [openpgp] Expected client behaviour ambiguity… Andrew Gallagher
- Re: [openpgp] Expected client behaviour ambiguity… Daniel Huigens
- Re: [openpgp] Expected client behaviour ambiguity… Andrew Gallagher
- Re: [openpgp] Expected client behaviour ambiguity… Daniel Huigens
- Re: [openpgp] Expected client behaviour ambiguity… Andrew Gallagher
- Re: [openpgp] Expected client behaviour ambiguity… Andrew Gallagher
- Re: [openpgp] Expected client behaviour ambiguity… Daniel Huigens
- Re: [openpgp] Expected client behaviour ambiguity… Andrew Gallagher