Re: [openpgp] Bug#931238: hot armor: please drop "Version: " header
Marcus Brinkmann <marcus.brinkmann@rub.de> Wed, 10 July 2019 07:42 UTC
Return-Path: <marcus.brinkmann@rub.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 614DA12017D for <openpgp@ietfa.amsl.com>; Wed, 10 Jul 2019 00:42:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rub.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id giJmLfaNvbIF for <openpgp@ietfa.amsl.com>; Wed, 10 Jul 2019 00:42:01 -0700 (PDT)
Received: from out2.mail.ruhr-uni-bochum.de (out2.mail.ruhr-uni-bochum.de [IPv6:2a05:3e00:c:1001::8693:2ae5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4623120154 for <openpgp@ietf.org>; Wed, 10 Jul 2019 00:42:00 -0700 (PDT)
Received: from mx2.mail.ruhr-uni-bochum.de (localhost [127.0.0.1]) by out2.mail.ruhr-uni-bochum.de (Postfix mo-ext) with ESMTP id 45kB392ZYXz4wJ4 for <openpgp@ietf.org>; Wed, 10 Jul 2019 09:41:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=rub.de; s=mail-2017; t=1562744517; bh=su89ivCDUK45Sc4mk9b6YUUDTDaS/kS0dLf8I1/xkUk=; h=Subject:To:References:From:Date:In-Reply-To:From; b=Q5nTia45G3ivEVXsrLqWJvYMCYYAAqjXn4UVnwp1UO2O6aO2jQIBUuTLpt/QJLgl+ oG1Gx8Y4UrrqQHHg4c7gDx8KcwQP3qQcWC4lUhrGcQJkCyS9E9GqfFmtcMYPhZQMpb mEIdBSWWxpV8dTzP8fNpzhpzYvSqEGyk1/9oMAS4=
Received: from out2.mail.ruhr-uni-bochum.de (localhost [127.0.0.1]) by mx2.mail.ruhr-uni-bochum.de (Postfix idis) with ESMTP id 45kB391XJNz4w66 for <openpgp@ietf.org>; Wed, 10 Jul 2019 09:41:57 +0200 (CEST)
X-Envelope-Sender: <marcus.brinkmann@rub.de>
X-RUB-Notes: Internal origin=134.147.42.227
Received: from mail1.mail.ruhr-uni-bochum.de (mail.ruhr-uni-bochum.de [134.147.42.227]) by out2.mail.ruhr-uni-bochum.de (Postfix mi-int) with ESMTP id 45kB3908ljz4wJ4 for <openpgp@ietf.org>; Wed, 10 Jul 2019 09:41:56 +0200 (CEST)
Received: from [192.168.142.139] (p5DCA4BEB.dip0.t-ipconnect.de [93.202.75.235]) by mail1.mail.ruhr-uni-bochum.de (Postfix) with ESMTPSA id 45kB386fmnzytt for <openpgp@ietf.org>; Wed, 10 Jul 2019 09:41:56 +0200 (CEST)
To: openpgp@ietf.org
References: <87zhm1o0f7.fsf@fifthhorseman.net> <20190706133941.tw3znn74q4iseiyo@scru.org> <54525144-b7bf-fa79-c497-ca8fbf77f89d@gmx.net> <8d960bb1-0fe8-c2e3-fcf4-4d00ed4adfce@rub.de> <87r2717fwo.fsf@fifthhorseman.net>
From: Marcus Brinkmann <marcus.brinkmann@rub.de>
Openpgp: preference=signencrypt
Message-ID: <32605ef2-afb0-a7e3-8585-13ed7d0bc566@rub.de>
Date: Wed, 10 Jul 2019 09:41:57 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <87r2717fwo.fsf@fifthhorseman.net>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.99.4 at mail1.mail.ruhr-uni-bochum.de
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/8pbz7ka0xeE_zJYtHaDVCD6dLqw>
Subject: Re: [openpgp] Bug#931238: hot armor: please drop "Version: " header
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2019 07:42:04 -0000
Hi, On 7/7/19 10:23 PM, Daniel Kahn Gillmor wrote: >> 1. The embedded timestamp and filename in a literal data packet. > > I'm not sure how these would vary across implementations. perhaps the > guidance should say "in the absence of a requirement to the contrary, > the timestamp should be set to zero and the filename should be zero > octets in length." Well, the encoding can be different, filenames can be typical for an operating system, etc. I'd just zero it all out. >> 2. The block sizes for partial data packets, and when they are used. > > Partial data packets SHOULD NOT be generated. In the event that they > are generated, partial data packets SHOULD have a length represented by > the value 236 (meaning, the packet has a length of 1<<(236&0x1F) == 4096 > octets). Actually, it would be more stable to always use partial data packets with a fixed chunk size (plus rest). >> 3. The signature subpackets used and their order (hashed and >> unhashed). > > Which hashed subpackets to use: i'm not sure about this. suggestions? That's a large topic, unfortunately. Probably requires some research, too. > order: > > Implementations SHOULD emit signature subpackets in subpacket type > order. If multiple subpackets of a given type are present, they SHOULD > be ordered based on the binary representation of the > subpacket. (0x01ffff comes before 0x020000, etc). Subpacket length must be canonicalized, too, like packet lengths. But there is some trouble here: There are private or experimental subpacket types, and a generic implementation won't know if the order matters. > Implementations SHOULD NOT emit unhashed subpackets without a concrete > reason to do so. > > >> 4. Possibly the details of the compression. > > Implementations SHOULD NOT generate compressed packets. If they do, > they should prefer Bzip2 over Zlib over ZIP. (is this right? what > about per-format compression details? For example, block size. In general, I think there is a lot of flexibility in choosing the huffman tree and such. Dunno if that actually happens in the real world. >> 5. The length of the base64 encoding. > > I think this means line length. Yes, sorry. > > Implementations SHOULD generate Radix-64 data encoded such that all full > lines have 64 printable characters in them. > >> 6. Potentially the order of signature packets. > > I'm assuming this is about signature packets over a data, not user ID > certifications or subkey signatures. > > If multiple signature packets are attached to a piece of data, they > SHOULD be ordered by their creation date (oldest signature first). If > multiple signatures share the same creation date, they SHOULD be ordered > by their binary representation. > >> 7. The value of any quick check bytes (some implementations set them to >> invalid values to discourage checking them). > > That's news to me, thanks for raising it. Can you point to > documentation about that? Unfortunately, I can't find it. It might just have been an idea I read about somewhere, without implementation, or an obscure niche implementation. It was an interesting idea, though, so it stuck in my head. > >> For keys: >> >> 1. Again the signature subpackets used and their order. > > Same as above, i think. > >> 2. Potentially the details of the user id. > > as most of this is entirely user-visible (and user-selected), i'm not > sure how much implementations can do here. Perhaps we should recommend > using Unicode canonicalization form C for the UTF-8 string though? I agree that user-visibility makes this different from the other items on this list. >> 3. Algorithm and other preferences and flags. > > These compatibility markers will invitably leak some information about > the local implementation, as they are needed for interoperability. We > can provide guidance on the ordering of those preference though. > >> 4. The cryptographic parameters of public keys (RSA exponent etc) > > The chosen RSA exponent SHOULD be 0x10001. > > (suggestions for other parameters for other pubkey algorithms welcome!) Prime generation and random number generation: The Million-Key Question—Investigating the Origins of RSA Public Keys (Petr Švenda, Matúš Nemec, Peter Sekan, Rudolf Kvašňovský, David Formánek, David Komárek, and Vashek Matyáš, Masaryk University), 25th USENIX Security Symposium https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_svenda.pdf > >> 5. S2K count. > > Modern hardware is fast. Implementations that emit an S2K packet SHOULD > use Iterated + Salted S2K, and the S2K count SHOULD be 65011712 > (single-octet representation 255). > >> 6. Possibly resolution of any timestamps. > > Isn't the specification's 1-second resolution reasonable? Do we want to > encourage something different? For example, when creating a new key with multiple subkeys, an implementation could have the same or different timestamps for them. > One other item for OpenPGP certificates ("keys")" > > 7. order of certification packets, order of user ids, etc: > > I proposed a canonicalized structure for OpenPGP certificates over here: > > https://dev.gnupg.org/T3389 > > Perhaps this should be a supplementary implementator guidance draft, > distinct from the specifying RFC? Then we could also update it as new > fingerprinting surface is discovered, without revising the RFC itself. > Anyone interested in starting a draft? Thanks, Marcus -- Dipl.-Math. Marcus Brinkmann Lehrstuhl für Netz- und Datensicherheit Ruhr Universität Bochum Universitätsstr. 150, Geb. ID 2/461 D-44780 Bochum Telefon: +49 (0) 234 / 32-25030 http://www.nds.rub.de/chair/people/mbrinkmann
- Re: [openpgp] Bug#931238: hot armor: please drop … Clint Adams
- Re: [openpgp] Bug#931238: hot armor: please drop … Heiko Stamer
- Re: [openpgp] Bug#931238: hot armor: please drop … Marcus Brinkmann
- Re: [openpgp] Bug#931238: hot armor: please drop … Daniel Kahn Gillmor
- Re: [openpgp] Bug#931238: hot armor: please drop … Daniel Kahn Gillmor
- Re: [openpgp] Bug#931238: hot armor: please drop … Peter Gutmann
- Re: [openpgp] Bug#931238: hot armor: please drop … ilf
- Re: [openpgp] Bug#931238: hot armor: please drop … Marcus Brinkmann
- Re: [openpgp] Bug#931238: hot armor: please drop … ilf
- Re: [openpgp] Bug#931238: hot armor: please drop … Heiko Stamer
- Re: [openpgp] Bug#931238: hot armor: please drop … Daniel Kahn Gillmor