Re: [openpgp] Hashing literal (meta)data fields
Justus Winter <justus@sequoia-pgp.org> Tue, 11 October 2022 07:52 UTC
Return-Path: <justus@sequoia-pgp.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13452C159484 for <openpgp@ietfa.amsl.com>; Tue, 11 Oct 2022 00:52:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MSGID_FROM_MTA_HEADER=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cawNcBRsvFRe for <openpgp@ietfa.amsl.com>; Tue, 11 Oct 2022 00:52:15 -0700 (PDT)
Received: from harrington.uberspace.de (harrington.uberspace.de [185.26.156.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 823F7C159486 for <openpgp@ietf.org>; Tue, 11 Oct 2022 00:52:15 -0700 (PDT)
Received: (qmail 30178 invoked by uid 500); 11 Oct 2022 07:52:12 -0000
Authentication-Results: harrington.uberspace.de; auth=pass (plain)
From: Justus Winter <justus@sequoia-pgp.org>
To: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>, IETF OpenPGP WG <openpgp@ietf.org>
In-Reply-To: <QiAK3LsKi6K_UDPKI3S2vWACTHIL2CWil-AmjadkkA9XQrrdoDSuAT5UwwQCqseLMaStR4XuM04rfSoTSzXZEsNLIp3Z8_7C7Xu4Nxab1eE=@protonmail.com>
References: <QiAK3LsKi6K_UDPKI3S2vWACTHIL2CWil-AmjadkkA9XQrrdoDSuAT5UwwQCqseLMaStR4XuM04rfSoTSzXZEsNLIp3Z8_7C7Xu4Nxab1eE=@protonmail.com>
Date: Tue, 11 Oct 2022 09:50:48 +0200
Message-ID: <87lepmvlwn.fsf@thinkbox>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
X-Rspamd-Bar: ---
X-Rspamd-Report: MIME_GOOD(-0.2) SIGNED_PGP(-2) MID_RHS_NOT_FQDN(0.5) BAYES_HAM(-1.896764)
X-Rspamd-Score: -3.596764
Received: from unknown (HELO unkown) (::1) by harrington.uberspace.de (Haraka/2.8.28) with ESMTPSA; Tue, 11 Oct 2022 09:52:11 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/8OHMKF9p_h6lNj185mqzTgL8VJo>
Subject: Re: [openpgp] Hashing literal (meta)data fields
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2022 07:52:17 -0000
Hi Daniel, Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org> writes: > In draft-koch-openpgp-2015-rfc4880bis-00, v5 signatures hash the > metadata fields, and v4 signatures can optionally hash the metadata > fields by adding a "Literal Data Meta Hash" signature subpacket, which > includes a hash of the metadata fields (and the subpacket is then > hashed into the signature). It is disallowed for v5 signatures. [3] > > > Now, for my concrete proposal: let's use the "Literal Data Meta Hash" > subpacket for both v4 and v5 signatures, to allow (but not force) the > signer to hash these fields. This maintains the possibility to convert > a detached signature (that doesn't have this subpacket) to an attached > one (if we don't require it), and similarly, to convert an attached > signature (that does have it) to a detached one (if we ignore this > subpacket for detached signatures). > > Let me know what you think! The proposed scheme seems complicated to me, retains the shortcomings of the literal packet's metadata, and breaks re-attaching the signature. It is complicated because you need to specify a way to hash these fields. It retains the shortcomings of not defining what date means and the limitation of the file name length. Instead, one could simply add notations to the signature to specify say creation time, modification time, and filename. With this scheme, one can better specify the semantics, lift the file name length restriction, it doesn't require specifying how to hash the metadata, and it isn't an all-or-nothing thing. As a bonus, if you detach the signature, the information is still available, so you can make use of it, and re-attaching the signature is possible and easy. Best, Justus
- [openpgp] Hashing literal (meta)data fields Daniel Huigens
- Re: [openpgp] Hashing literal (meta)data fields Werner Koch
- Re: [openpgp] Hashing literal (meta)data fields Daniel Huigens
- Re: [openpgp] Hashing literal (meta)data fields Justus Winter
- Re: [openpgp] Hashing literal (meta)data fields Daniel Huigens
- Re: [openpgp] Hashing literal (meta)data fields Daniel Kahn Gillmor
- Re: [openpgp] Hashing literal (meta)data fields Daniel Huigens
- Re: [openpgp] Hashing literal (meta)data fields Daniel Kahn Gillmor