Re: [openpgp] New fingerprint: to v5 or not to v5

Werner Koch <wk@gnupg.org> Wed, 07 October 2015 19:36 UTC

From: Werner Koch <wk@gnupg.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Organisation: g10 Code GmbH
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Watson Ladd <watsonbladd@gmail.com>, Phillip Hallam-Baker <phill@hallambaker.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Date: Wed, 07 Oct 2015 21:33:34 +0200
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4B2C5EE@uxcn10-5.UoA.auckland.ac.nz> (Peter Gutmann's message of "Wed, 7 Oct 2015 14:02:17 +0000")
Message-ID: <87wpuy1njl.fsf@vigenere.g10code.de>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/DjmNYrwaQVaYWnpsfCapfHZ_jTk>
Cc: Watson Ladd <watsonbladd@gmail.com>, Phillip Hallam-Baker <phill@hallambaker.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] New fingerprint: to v5 or not to v5

On Wed,  7 Oct 2015 16:02, pgut001@cs.auckland.ac.nz said:

> X.509 handles this by having two distinct things, a unique identifier
> (subjectKeyIdentifier) to identify a key, and a fingerprint (hash of the cert)

Which is not defined by any standard.

> PGP in contrast confuses the two, so you have a supposedly unique identifier
> that hashes in a mutable value (the time) but then doesn't hash in other
> important information like the user ID associated with the key.  So it doesn't

As you surely know, PGP can't add the user ID because the user ID is
attached to the key so that you can add or remove user IDs.

> The fix would be to have two distinct values, a unique identifier (64 or 128
> bits of whatever) to uniquely identify a key, and then a fingerprint that
> covers the key, subkey(s), user ID(s), attributes, and whatnot, to check that
> you've got what you were expecting to get.

It will only take a few days until the first wags create multiple
different keys with the same identifier to confuse software.  Think of
the collisions in 64-bit key IDs which will sooner or later lead to
problems in current OpenPGP.

Let's call your proposed system UnDER.509.

>>Lost key?  
>
> The key is present somewhere on the keyring but the date has changed, so you
> can't locate it by key ID any more because the date hashed into the other bits
> and pieces changes the key ID.

I call this corrupt data.  The self-signature would not verify and thus
the key is unusable.  Time to remember where you stored the backup.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
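
Added example, not part of the message above: the v4 fingerprint and key ID computation from RFC 4880 section 12.2 that this exchange is about, showing that the creation time is hashed in while no user ID is. The RSA numbers and timestamps are constructed toy values, and the function names are this example's own.

```python
import hashlib
import struct

RSA = 1  # public-key algorithm ID for RSA (RFC 4880, section 9.1)

# Constructed toy values, not a real key: the product of two Mersenne primes.
TOY_N = (2**127 - 1) * (2**89 - 1)
TOY_E = 65537
CREATED_A = 1444246414     # constructed creation timestamp
CREATED_B = CREATED_A + 1  # same key material, one second later


def mpi(value: int) -> bytes:
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    nbits = value.bit_length()
    return struct.pack(">H", nbits) + value.to_bytes((nbits + 7) // 8, "big")


def public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 RSA Public-Key packet. Note what is absent: user IDs
    live in separate packets and never enter the fingerprint."""
    return bytes([4]) + struct.pack(">I", created) + bytes([RSA]) + mpi(n) + mpi(e)


def fingerprint(body: bytes) -> bytes:
    """v4 fingerprint: SHA-1 over 0x99, two-octet body length, body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def key_id(fpr: bytes) -> bytes:
    """v4 key ID: the low-order 64 bits of the fingerprint."""
    return fpr[-8:]


if __name__ == "__main__":
    # Identical key material, different creation time: both values change,
    # so a lookup by the old key ID no longer finds the packet.
    for created in (CREATED_A, CREATED_B):
        fpr = fingerprint(public_key_body(created, TOY_N, TOY_E))
        print(created, fpr.hex().upper(), key_id(fpr).hex().upper())
```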