Re: [openpgp] Followup on fingerprints

ianG <iang@iang.org> Fri, 07 August 2015 02:06 UTC

Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CE0C1B35CC for <openpgp@ietfa.amsl.com>; Thu, 6 Aug 2015 19:06:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r2GOtrVXbhYq for <openpgp@ietfa.amsl.com>; Thu, 6 Aug 2015 19:06:37 -0700 (PDT)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECFCD1B35CE for <openpgp@ietf.org>; Thu, 6 Aug 2015 19:06:36 -0700 (PDT)
Received: from tormenta.local (iang.org [209.197.106.187]) by virulha.pair.com (Postfix) with ESMTPSA id 810CE6D73C; Thu, 6 Aug 2015 22:06:35 -0400 (EDT)
Message-ID: <55C412B3.8070706@iang.org>
Date: Fri, 07 Aug 2015 03:06:43 +0100
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: openpgp@ietf.org
References: <87twsn2wcz.fsf@vigenere.g10code.de> <87a8udd4u6.fsf@alice.fifthhorseman.net> <sjm61503182.fsf@securerf.ihtfp.org> <CAMm+LwgEVySpfL-iN2uzX-4tu7R+isDkHE9D8uAeLTxxd4VxqQ@mail.gmail.com> <sjmwpxc1kbv.fsf@securerf.ihtfp.org> <CAAS2fgR6LYck+km5Ze6S9z65ZgsR61d8md2CqojDaceZ0OrZrw@mail.gmail.com> <9c2c8c5df67c83925d7e3c21fe943483.squirrel@mail2.ihtfp.org> <20150803173231.GG3067@straylight.m.ringlet.net> <2439a89a6c4eb70044e144406a732482.squirrel@mail2.ihtfp.org> <87io8v7uqt.fsf@littlepip.fritz.box> <87h9of7p0e.fsf@littlepip.fritz.box> <87wpxbtuwk.fsf@vigenere.g10code.de> <CAAu18hez49oVhTwRLqv=3rifbg5q5+EqsSvBO0c-ezq+M_Qmyw@mail.gmail.com> <87614u4u7q.fsf@alice.fifthhorseman.net> <55C3836D.2040104@iang.org> <87d1z0763m.fsf@littlepip.fritz.box> <CAAu18hcnjnZjwZn-uPO936CHDABn_HmqOibtsrBC7Ya7b-93Lg@mail.gmail.com> <87lhdow7gj.fsf@alice.fifthhorseman.net> <CAMm+LwhKfEnRRoWGkR0+AAAd+5CGJa-VKPtyqM53ZVDPEW30TA@mail.gmail.com>
In-Reply-To: <CAMm+LwhKfEnRRoWGkR0+AAAd+5CGJa-VKPtyqM53ZVDPEW30TA@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/G80dV-k1r9a_v8o43sUB7gO6klI>
Subject: Re: [openpgp] Followup on fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Aug 2015 02:06:38 -0000

On 7/08/2015 02:20 am, Phillip Hallam-Baker wrote:
>
>
> On Thu, Aug 6, 2015 at 3:19 PM, Daniel Kahn Gillmor
> <dkg@fifthhorseman.net <mailto:dkg@fifthhorseman.net>> wrote:
>
>     On Thu 2015-08-06 12:12:48 -0400, Nicholas Cole wrote:
>     > There's actually just a more basic, practical problem. Most gpg tools
>     > assume unique fingerprints. Is it even possible to specify one key rather
>     > than another if both have the same fingerprint?
>
>     but what are the consequences of this?  If there's a specifically
>     troubling scenario that puts other people at risk, we should be able to
>     describe it.
>
>     If there isn't, then this suggests that actually using two keys with the
>     same fingerprint is a problem only for the person who holds the two
>     keys, right?
>
>     But that person has an easy (much cheaper in fact) way to proceed
>     without the problem: don't make a fingerprint collision in the first
>     place!
>
>
> Dan,
>
> The problem is that the person who is potentially at risk is not the key
> holder but the relying party who verifies the key.
>
> As with 'Domain Separation' it is a case where most of us prefer to be
> conservative unless there is a good reason to try the bleeding edge.
> Doubling the length of a printed fingerprint is clearly a problem.
> Having a big internal fingerprint isn't.
>
> Here, 100, 125 or 150 bits seem fine for a printed fingerprint and 256
> bits is comfortable for an internal one. Do we really need to go
> further? My original goal was to avoid having to go into this
> explanation at last call.


Are we arguing about a shortened internal identifier for the key? 
That's easy.  The full hash, please.



iang