IETF Logo Mail Archive

Re: [openpgp] Fingerprints

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 15 April 2015 22:10 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A30A61A9233 for <openpgp@ietfa.amsl.com>; Wed, 15 Apr 2015 15:10:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0W09bTFhc8Zq for <openpgp@ietfa.amsl.com>; Wed, 15 Apr 2015 15:10:55 -0700 (PDT)
Received: from mail-lb0-x22d.google.com (mail-lb0-x22d.google.com [IPv6:2a00:1450:4010:c04::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D04FD1A916B for <openpgp@ietf.org>; Wed, 15 Apr 2015 15:10:52 -0700 (PDT)
Received: by lbbuc2 with SMTP id uc2so44914715lbb.2 for <openpgp@ietf.org>; Wed, 15 Apr 2015 15:10:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=q+DgS7qfCL+B95Rxy93uGqB1LMIMDvlUdSlEtcWLkLM=; b=ApDYXgZLkq0cXIKMLvGJAhnw2PV1YQuFsilw6wu/ExQ2HqWpnPqAdyS0qhkTDLtuNr AFuwT5MJPaVXg8FioXbx4dWdJPB50srXMmDMYZlC4HH4RlbYWPtdkvR+fa/iSZwAoDJ8 hVmgCK7minlA6nTohr33e2BQzebDNxDJlMsNTmc0S1sPtGfvc4UuNB7g1+Mox6wuWDJp 3cROGIHSNfP7+VfMPf+h8o/3NWu1bG7M8B2OFuVmKBOl63qd1/chRwx90MyzN0jx4Nr3 slYrHCW60YvRFmG9Mv5DaVfN8clHYqjgKjXY9l4iSrb08TpVB6Lk2R0AzD9jQ08XJvmW AoSQ==
MIME-Version: 1.0
X-Received: by 10.152.18.225 with SMTP id z1mr26210639lad.124.1429135851417; Wed, 15 Apr 2015 15:10:51 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.147.165 with HTTP; Wed, 15 Apr 2015 15:10:51 -0700 (PDT)
In-Reply-To: <1429131456.1702.51.camel@scientia.net>
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com> <87y4m0ozlt.fsf@vigenere.g10code.de> <20150415135105.GJ3106@singpolyma-liberty> <FE2717DC-3950-4536-B83D-BD005D2F26A6@callas.org> <1429128262.1702.41.camel@scientia.net> <CAMm+LwhHkRNDUT9H9=RV-caqPiWpe9OBriR8pSsoA1PqKf6C-Q@mail.gmail.com> <1429131456.1702.51.camel@scientia.net>
Date: Wed, 15 Apr 2015 18:10:51 -0400
X-Google-Sender-Auth: 2RQvMHzLe2llvziC-fianbR-leA
Message-ID: <CAMm+Lwi6aEHYA99bXfGYuGBtsvyE1smw29aAU6keSwRwPJWBOA@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Christoph Anton Mitterer <calestyo@scientia.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/AY5AMRBHyNA1K5l0D9HLsfBFjB8>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Subject: Re: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2015 22:10:56 -0000

On Wed, Apr 15, 2015 at 4:57 PM, Christoph Anton Mitterer
<calestyo@scientia.net> wrote:
> On Wed, 2015-04-15 at 16:46 -0400, Phillip Hallam-Baker wrote:
>> The ni scheme I linked to does essentially that. What we are
>> discussing here is essentially the same thing only with a slightly
>> different syntax. It is not necessary to separate the algorithm ID
>> from the fingerprint.
> So in that ni scheme, is the algorithm id then hashed along with the
> data?

ni is a URI scheme designed to be used under the covers. It is not
really what I would want for a fingerprint.


> Well... it's always difficult to predict the future... probably you're
> right, but why making it not generic enough to be one the safe side if
> we can.

Because introducing syntactic crud makes the identifier much less
convenient and the whole point of a fingerprint is convenience.

As I demonstrated, the proposed scheme has more than enough generality
for our purposes which are thoroughly understood.



> As I've said, we've had that already plenty of times, that people
> expected something to be never exhausted and then things came completely
> different.
> So one should perhaps learn from the past =)

That has happened when people who did not bother to try to understand
the issue refused to listen to the informed opinions of those who did.
While I am prepared to engage in a discussion over whether the basis
of my estimates is reasonable or not, 'other people got it wrong,
therefore you will' is not an argument.

Unlike the people you are citing, I have actually played a significant
role in the deployment of two global scale infrastructures. While I
can't claim to be infallible, I can claim to know something of what I
am doing.


If the need ever arises, we can always cut a completely new set of
fingerprint identifiers by just slapping a URI prefix on the front. Or
use ni.

All we are talking about here is the human readable form of the
identifier. PGP is going to be using the binary data, JSON and XML
apps using the same fingerprint format should use URIs.

v2.23.0 | Report a Bug | By Email