Re: [openpgp] Followup on fingerprints
Nicholas Cole <nicholas.cole@gmail.com> Tue, 04 August 2015 08:31 UTC
Return-Path: <nicholas.cole@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F3641A8AB1 for <openpgp@ietfa.amsl.com>; Tue, 4 Aug 2015 01:31:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6hAvfO5lRmOq for <openpgp@ietfa.amsl.com>; Tue, 4 Aug 2015 01:31:31 -0700 (PDT)
Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com [IPv6:2a00:1450:400c:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D57C1A6F03 for <openpgp@ietf.org>; Tue, 4 Aug 2015 01:31:31 -0700 (PDT)
Received: by wibud3 with SMTP id ud3so166547418wib.1 for <openpgp@ietf.org>; Tue, 04 Aug 2015 01:31:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=dUdDmUbNSfDwl7JeJ+MkwWN4AfdVL056idsJKCy5euw=; b=Rarnhl+uG2g2NE19PuiAAPBTfTxyjJ6UdL+g6gQXsRpcx+eM/1DerQc3o83Lx89mtD YXoDFYMRCu/rxmsq8qmuOemz1JDo8qZJIWq81ICs5LKiErvEdJDc+vGacTHO0opfXdOb w04dKL142MkYxHwvwL73yfAieLeLseg81iUXQDD7omRH+j+jZbRFGQUR3d3c7S+7zsVE UP0BYbGX2cQZsiULJObmBpY3XsJMAR/hczm3UcJAmUut58rmztwuRcJ26qT7XOXb0wtE FKLw8VBJ90n+GfZkvbmi770YgLE8a3lrO1ImbH/xRhDErA21sHYTcuDMSbd1jLdyoBb3 e4zQ==
MIME-Version: 1.0
X-Received: by 10.180.99.196 with SMTP id es4mr41300428wib.57.1438675503812; Tue, 04 Aug 2015 01:05:03 -0700 (PDT)
Received: by 10.194.66.163 with HTTP; Tue, 4 Aug 2015 01:05:03 -0700 (PDT)
In-Reply-To: <87wpxbtuwk.fsf@vigenere.g10code.de>
References: <87twsn2wcz.fsf@vigenere.g10code.de> <CAMm+LwgRJX-SvydmpUAJMmN3yysi4zzGSpO2yY4JAMhD-9xLgQ@mail.gmail.com> <87zj2ecmv8.fsf@alice.fifthhorseman.net> <CAMm+LwgKmcTes=V7uS3MjCQixWCo-i7PY=VE7eCHSqt3Ho3OSg@mail.gmail.com> <87a8udd4u6.fsf@alice.fifthhorseman.net> <sjm61503182.fsf@securerf.ihtfp.org> <CAMm+LwgEVySpfL-iN2uzX-4tu7R+isDkHE9D8uAeLTxxd4VxqQ@mail.gmail.com> <sjmwpxc1kbv.fsf@securerf.ihtfp.org> <CAAS2fgR6LYck+km5Ze6S9z65ZgsR61d8md2CqojDaceZ0OrZrw@mail.gmail.com> <9c2c8c5df67c83925d7e3c21fe943483.squirrel@mail2.ihtfp.org> <20150803173231.GG3067@straylight.m.ringlet.net> <2439a89a6c4eb70044e144406a732482.squirrel@mail2.ihtfp.org> <87io8v7uqt.fsf@littlepip.fritz.box> <87h9of7p0e.fsf@littlepip.fritz.box> <87wpxbtuwk.fsf@vigenere.g10code.de>
Date: Tue, 04 Aug 2015 09:05:03 +0100
Message-ID: <CAAu18hez49oVhTwRLqv=3rifbg5q5+EqsSvBO0c-ezq+M_Qmyw@mail.gmail.com>
From: Nicholas Cole <nicholas.cole@gmail.com>
To: IETF OpenPGP <openpgp@ietf.org>
Content-Type: multipart/alternative; boundary="f46d044283705a1574051c77be82"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/75kyRFEAuoZJqagUJIxIZP6_lcU>
Subject: Re: [openpgp] Followup on fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2015 08:31:34 -0000
On Tuesday, 4 August 2015, Werner Koch <wk@gnupg.org> wrote: > On Tue, 4 Aug 2015 04:42, look@my.amazin.horse said: > > > And the actual attack is "slightly weaker non-repudiation"? > > ... when using a truncated fingerprint. > > Why should anyone truncate a fingerprint from 20 bytes to 13 bytes? > This is an arbitrary value in between the known weak 8 byte keyids and > the full 20 byte fingerprints for which we expect that in our lifetime > collisions can be > I'm really struggling to follow what is going on with this whole discussion! Fingerprints need to be robust enough that creating aritrary collisions is not feasible. That has always been central to OpenPGP. If that creates headaches for user interfaces then we will have to find ways to deal with that, but that is a separate discussion. I thought that there were some well established, secure as far as anyone knows, hash algorithms. We've many years experience of the problems of including or not including various extra bits of information along with the key material itself, so doesn't the WG just need to pick one of the candidate algorithms and have done with it?
- [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints Werner Koch
- Re: [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints Werner Koch
- Re: [openpgp] Followup on fingerprints Vincent Breitmoser
- Re: [openpgp] Followup on fingerprints Daniel Kahn Gillmor
- Re: [openpgp] Followup on fingerprints Daniel Kahn Gillmor
- Re: [openpgp] Followup on fingerprints Werner Koch
- Re: [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints Wyllys Ingersoll
- Re: [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints Daniel Kahn Gillmor
- Re: [openpgp] Followup on fingerprints Vincent Breitmoser
- Re: [openpgp] Followup on fingerprints Derek Atkins
- Re: [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints Vincent Breitmoser
- Re: [openpgp] Followup on fingerprints ianG
- Re: [openpgp] Followup on fingerprints Gregory Maxwell
- Re: [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints Derek Atkins
- Re: [openpgp] Followup on fingerprints Gregory Maxwell
- Re: [openpgp] Followup on fingerprints Derek Atkins
- Re: [openpgp] Followup on fingerprints Peter Pentchev
- Re: [openpgp] Followup on fingerprints Derek Atkins
- Re: [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints Vincent Breitmoser
- Re: [openpgp] Followup on fingerprints Vincent Breitmoser
- Re: [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints Werner Koch
- Re: [openpgp] Followup on fingerprints Nicholas Cole
- Re: [openpgp] Followup on fingerprints Derek Atkins
- Re: [openpgp] Followup on fingerprints Derek Atkins
- Re: [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints Derek Atkins
- Re: [openpgp] Followup on fingerprints Vincent Breitmoser
- Re: [openpgp] Followup on fingerprints Daniel Kahn Gillmor
- Re: [openpgp] Followup on fingerprints Daniel Kahn Gillmor
- Re: [openpgp] Followup on fingerprints Derek Atkins
- Re: [openpgp] Followup on fingerprints ianG
- Re: [openpgp] Followup on fingerprints Vincent Breitmoser
- Re: [openpgp] Followup on fingerprints Nicholas Cole
- Re: [openpgp] Followup on fingerprints Werner Koch
- Re: [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints Daniel Kahn Gillmor
- Re: [openpgp] Followup on fingerprints Phillip Hallam-Baker
- Re: [openpgp] Followup on fingerprints ianG
- Re: [openpgp] Followup on fingerprints Vincent Breitmoser
- Re: [openpgp] Followup on fingerprints Bill Frantz
- Re: [openpgp] Followup on fingerprints ianG
- Re: [openpgp] Followup on fingerprints Bill Frantz