Re: [openpgp] Deprecating SHA1

Phil Pennock <ietf-phil-openpgp@spodhuis.org> Sun, 25 October 2020 01:03 UTC

On 2020-10-24 at 17:41 +0200, Neal H. Walfield wrote:
> I wasn't aware of this, thanks for pointing it out.  Unfortunately,
> for many keys it is not enough.

[profanity]

> There are three types of signatures that we should worry about:
> 
>   1. User ID (and User Attribute) self signatures
>   2. Subkey binding signatures
>   3. Primary key binding signatures (a signing-capable subkey's "backsig")

Okay, I think the cases I hit didn't have this, or folks took time to
add new subkeys when things expired.  The UID self-sig is the one needed
to let the web-of-trust calculate without SHA1 so is what I cared about.

For myself, even with the oldest key, using expiring subkeys and
refreshing periodically with newer subkeys, everything _except_ the
self-sig had updated automatically by the time I went looking.

I think really we need some nice pgpkey-sanitycheck command-line tool,
from any project, which looks purely at public key information, so
doesn't need to care about internals (private keys, keyboxes, etc).

Such a tool might then report on outdated algorithms used in important
places, while avoiding getting into the political mess of which
algorithm order preferences should be included in a key.

Deprecating X without tools to make it _trivial_ for people to tell if
they're affected by X is going to be frustrating.  In my previous email,
I didn't mention the diagnostics I used to show people that their key
was affected, but it involved `gpg --list-packets` and it was not
pretty.

I held off on "asking others to write software for me" in the previous
post, keeping it to "this exists now".  This time around, I'm throwing
out a "Hey, pgpkey-sanitycheck would be a nice tool to have, folks" and
running away.

-Phil
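
The check Phil asks for, as an added example that is not part of the original message and not an existing tool: it reads `gpg --list-packets` text for a public key and reports which of the three signature types Neal lists still use SHA1 (or MD5) in their newest instance. The function name, the sample listing and its key IDs are constructed, and the parser assumes the GnuPG 2.x text layout shown in the sample; an embedded backsig is dated by its enclosing binding signature.

```python
import re

WEAK = {1: "MD5", 2: "SHA1"}  # hash algorithm IDs from RFC 4880 section 9.4
KINDS = {**dict.fromkeys(range(0x10, 0x14), "uid-selfsig"), 0x18: "subkey-binding"}

def check_key(listing):
    """Return (component, kind, digest) for each newest self-signature on a weak digest."""
    primary = comp = sig = None
    subkeys, newest = 0, {}  # newest: (component, kind) -> (created, digest algo)
    for line in map(str.strip, listing.splitlines()):
        if line.startswith(":public key packet:"):
            comp, sig = "primary", None
        elif line.startswith(":public sub key packet:"):
            subkeys += 1
            comp, sig = f"subkey#{subkeys}", None
        elif m := re.match(r":(user ID|attribute) packet: (.*)", line):
            comp, sig = f"{m[1]} {m[2]}", None
        elif (m := re.match(r"keyid: (\w+)", line)) and comp == "primary":
            primary = m[1]
        elif m := re.match(r":signature packet: algo \d+, keyid (\w+)", line):
            sig = {"self": m[1] == primary, "kind": None, "created": 0}
        elif sig and (m := re.match(r"version \d+, created (\d+),.* sigclass 0x(\w+)", line)):
            sig["created"], sig["kind"] = int(m[1]), KINDS.get(int(m[2], 16))
        elif sig and sig["self"] and (m := re.match(
                r"digest algo (\d+)|(?:hashed )?subpkt 32 .*class 0x19.*digest algo (\d+)", line)):
            # Subpacket 32 inside a subkey binding is the embedded backsig (class 0x19).
            slot = (comp, sig["kind"] if m[1] else "backsig")
            if slot[1] and newest.get(slot, (-1,))[0] <= sig["created"]:
                newest[slot] = (sig["created"], int(m[1] or m[2]))
    return sorted((c, k, WEAK[a]) for (c, k), (_, a) in newest.items() if a in WEAK)

# Constructed listing: SHA1 UID self-sig, a third-party cert, old and refreshed subkey binding.
SAMPLE = """:public key packet:
    keyid: AAAAAAAAAAAAAAAA
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1357000000, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 12 34
:signature packet: algo 1, keyid BBBBBBBBBBBBBBBB
    version 4, created 1400000000, md5len 0, sigclass 0x10
    digest algo 2, begin of digest 56 78
:public sub key packet:
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1357000000, md5len 0, sigclass 0x18
    digest algo 2, begin of digest 9a bc
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1600000000, md5len 0, sigclass 0x18
    digest algo 8, begin of digest de f0
    subpkt 32 len 284 (signature: v4, class 0x19, algo 1, digest algo 8)"""
```

`check_key(SAMPLE)` reports only the User ID self-signature, the situation described above where everything except the self-sig had been refreshed. It reads the digest algorithm each listed signature claims and verifies no signature.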