Re: acceptable comment lines in between pgp header and message block
"Michael Young" <mwy-opgp97@the-youngs.org> Thu, 31 October 2002 16:37 UTC
Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA29854 for <openpgp-archive@lists.ietf.org>; Thu, 31 Oct 2002 11:37:46 -0500 (EST)
Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g9VGQCm23429 for ietf-openpgp-bks; Thu, 31 Oct 2002 08:26:12 -0800 (PST)
Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g9VGQAW23422 for <ietf-openpgp@imc.org>; Thu, 31 Oct 2002 08:26:11 -0800 (PST)
Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id LAA16142 for <ietf-openpgp@imc.org>; Thu, 31 Oct 2002 11:11:59 -0500 (EST)
Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id LAA08037 for <ietf-openpgp@imc.org>; Thu, 31 Oct 2002 11:25:55 -0500 (EST)
Message-ID: <000c01c280fa$2af9f9c0$f0c12609@transarc.ibm.com>
From: Michael Young <mwy-opgp97@the-youngs.org>
To: ietf-openpgp@imc.org
References: <200210302103.g9UL3T3K030446@compute3.lok.com>
Subject: Re: acceptable comment lines in between pgp header and message block
Date: Thu, 31 Oct 2002 11:25:30 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 From: <vedaal@lok.com> > are there any other line headings that are acceptable? > {i.e. will not invalidate a signature if placed into a signed message} Section 6.2 of draft 6 mentions the following: Version, Comment, MessageId, Hash, and Charset. It *suggests* that implementations emit warnings for others that they do not understand, but process the message anyway. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPcFZd1MkvpTT8vCGEQKAPgCgiXIove9tHv+Z/XZkNXxqEGAnXhUAoJoc fCK/9EPKXebvj5ZWbxPYrD1S =MWxN -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g9VGQCm23429 for ietf-openpgp-bks; Thu, 31 Oct 2002 08:26:12 -0800 (PST) Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g9VGQAW23422 for <ietf-openpgp@imc.org>; Thu, 31 Oct 2002 08:26:11 -0800 (PST) Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id LAA16142 for <ietf-openpgp@imc.org>; Thu, 31 Oct 2002 11:11:59 -0500 (EST) Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id LAA08037 for <ietf-openpgp@imc.org>; Thu, 31 Oct 2002 11:25:55 -0500 (EST) Message-ID: <000c01c280fa$2af9f9c0$f0c12609@transarc.ibm.com> From: "Michael Young" <mwy-opgp97@the-youngs.org> To: <ietf-openpgp@imc.org> References: <200210302103.g9UL3T3K030446@compute3.lok.com> Subject: Re: acceptable comment lines in between pgp header and message block Date: Thu, 31 Oct 2002 11:25:30 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 From: <vedaal@lok.com> > are there any other line headings that are acceptable? > {i.e. will not invalidate a signature if placed into a signed message} Section 6.2 of draft 6 mentions the following: Version, Comment, MessageId, Hash, and Charset. It *suggests* that implementations emit warnings for others that they do not understand, but process the message anyway. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPcFZd1MkvpTT8vCGEQKAPgCgiXIove9tHv+Z/XZkNXxqEGAnXhUAoJoc fCK/9EPKXebvj5ZWbxPYrD1S =MWxN -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g9UL3fq14299 for ietf-openpgp-bks; Wed, 30 Oct 2002 13:03:41 -0800 (PST) Received: from compute3.lok.com (root@compute3.lok.com [63.240.72.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g9UL3dW14289 for <ietf-openpgp@imc.org>; Wed, 30 Oct 2002 13:03:39 -0800 (PST) Received: from compute3.lok.com (vedaal@localhost [127.0.0.1]) by compute3.lok.com (8.12.2/8.11.3) with ESMTP id g9UL3T3K030446 for <ietf-openpgp@imc.org>; Wed, 30 Oct 2002 16:03:39 -0500 (EST) Message-Id: <200210302103.g9UL3T3K030446@compute3.lok.com> From: vedaal@lok.com To: ietf-openpgp@imc.org Subject: acceptable comment lines in between pgp header and message block X-LokTek-Version: v2.3.3 Date: Wed, 30 Oct 2002 16:03:28 -0500 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> have been under the impression that the only lines accetable in between the pgp header and message block {or the pgp signature header and signature block} were: [1] HASH identification [2] Version identification [3] Comment: lines pgp 2.x also has a 'Charset:' line identifying the character set used {this line is acceptable to all versions of pgp and gnupg} are there any other line headings that are acceptable? {i.e. will not invalidate a signature if placed into a signed message} tia, vedaal Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g9LAVMI10769 for ietf-openpgp-bks; Mon, 21 Oct 2002 03:31:22 -0700 (PDT) Received: from mail.glueckkanja.com (mail.glueckkanja.com [62.8.243.3]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g9LAVKW10762 for <ietf-openpgp@imc.org>; Mon, 21 Oct 2002 03:31:21 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Text canonicalization Date: Mon, 21 Oct 2002 12:31:14 +0200 Message-ID: <2F89C141B5B67645BB56C03853757882481693@guk1d002.glueckkanja.org> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Text canonicalization thread-index: AcJ2z3PMl4FjzSczQc+D9eFI79WGYACGzkGA From: "Dominikus Scherkl" <Dominikus.Scherkl@glueckkanja.com> To: "Florian Weimer" <Weimer@CERT.Uni-Stuttgart.DE>, <ietf-openpgp@imc.org> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g9LAVLW10765 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Hi. > > What about the other line ending characters? With Unicode (or even > > ISO-8859-x close to an EBCDIC environment), there a few more > > characters which could end a line. > > Let me repeat this question. ;-) > > If you look at the discussion about the XML 1.1 specification, you'll > see that there is a real ambiguity. All behind the 128-bit ASCII code should be left unchanged. This will do no harm, because all other soft- and hardware in the trasportsystem will do the same. If an editor interpret those "in text format comands", it might do (for display reasons) but should also not change the text!!! Again: This is not a topic to PGP at all, because those chars are uncritical to the mail-system. The whole thing about CR and LF is, that the mail sytem on some systems change them, insert additional whitespace to the end or cut it of - nothing like this will happen to unicode line endings. Best Regards -- Dominikus Scherkl dominikus.scherkl@glueckkanja.com Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g9IHg3K06898 for ietf-openpgp-bks; Fri, 18 Oct 2002 10:42:03 -0700 (PDT) Received: from Mail.CERT.Uni-Stuttgart.DE (mail.cert.uni-stuttgart.de [129.69.16.17]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g9IHg2W06890 for <ietf-openpgp@imc.org>; Fri, 18 Oct 2002 10:42:03 -0700 (PDT) Received: from rusfw by Mail.CERT.Uni-Stuttgart.DE with local (Exim 4.04) id 182b8N-0005w0-00 for ietf-openpgp@imc.org; Fri, 18 Oct 2002 19:42:03 +0200 To: ietf-openpgp@imc.org Subject: Re: Text canonicalization References: <200112051759.JAA27637@finney.org> <tg7ks1mnwe.fsf@mercury.rus.uni-stuttgart.de> From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE> Date: Fri, 18 Oct 2002 19:42:03 +0200 In-Reply-To: <tg7ks1mnwe.fsf@mercury.rus.uni-stuttgart.de> (Florian Weimer's message of "05 Dec 2001 21:07:29 +0100") Message-ID: <873cr3skyc.fsf@Login.CERT.Uni-Stuttgart.DE> Lines: 21 User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.2 (i386-debian-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE> writes: > hal@finney.org writes: > >> The first is that it does not make clear what constitutes line endings. >> In PGP we treat CR LF, CR, and LF all as line endings and convert each >> one to CR LF. > > What about the other line ending characters? With Unicode (or even > ISO-8859-x close to an EBCDIC environment), there a few more > characters which could end a line. Let me repeat this question. ;-) If you look at the discussion about the XML 1.1 specification, you'll see that there is a real ambiguity. -- Florian Weimer Weimer@CERT.Uni-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g9880aT16077 for ietf-openpgp-bks; Tue, 8 Oct 2002 01:00:36 -0700 (PDT) Received: from hackserv.saiknes.lv (hackserv.klinkmann.lv [195.2.103.8]) by above.proper.com (8.11.6/8.11.3) with SMTP id g9880Xv16063 for <ietf-openpgp@imc.org>; Tue, 8 Oct 2002 01:00:34 -0700 (PDT) Received: from saiknes.lv (unverified [195.2.103.8]) by hackserv.saiknes.lv (SMTPRCV 0.45) with SMTP id <B0001617490@hackserv.saiknes.lv>; Tue, 08 Oct 2002 09:55:01 0200 Message-ID: <3DA28F55.26D6C69D@saiknes.lv> Date: Tue, 08 Oct 2002 09:55:01 +0200 From: disastry@saiknes.lv X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en,lv,ru MIME-Version: 1.0 To: ietf-openpgp@imc.org Subject: Re: ASN.1 OID for TIGER/192 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Jon Callas wrote: > I confess I am wondering why this is needed. Five years ago, we flirted with > Tiger and Haval because you need wider hashes for better signatures. but then HAVAL-5-160 was selected. I wonder why not 256.. > 192 > bits is a bit dodgy because it only gets you an effective strength of 96 > bits (over 80 bits for SHA-1). > Today, we have all the wide SHAs in the > suite, which balance with symmetric ciphers up to 256 bits of key size. > Adding in TIGER/192 now seems like too little, too late. In 1998, this would > have been great. In 2002 (pushing 2003), it's at best a yawn. > > In short, here's a pragmatic question I have: if I were making a signature > today, and I thought that SHA-1 weren't big enough, why would I want to use > TIGER/192 over SHA-{256|384|512}? hmm.. it's faster (but it's weak argument) > Without a good answer to that question, I don't see why it should be there. > I'm even slightly sympathetic to people who think it and HAVAL should be > removed. They've both been overtaken by events. > Jon or replaced with HAVAL-5-256. I agree there is no need for 3rd 160bit hash, but maybe alternate 256bit one... __ Disastry http://disastry.dhs.org/ http://disastry.dhs.org/pgp ^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH, AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes) -----BEGIN PGP SIGNATURE----- Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1 iQA/AwUBPaJzFzBaTVEuJQxkEQMzOACgo12QO17DjHe5xf4JnGK84AOl4KIAmQEy 92QuFIOzJpsHV96BPBTgwpL9 =Q2X9 -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g979HeV14883 for ietf-openpgp-bks; Mon, 7 Oct 2002 02:17:40 -0700 (PDT) Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g979Hdv14879 for <ietf-openpgp@imc.org>; Mon, 7 Oct 2002 02:17:39 -0700 (PDT) Received: from [213.11.213.8] (63.73.97.165) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.1.2) for <ietf-openpgp@imc.org>; Sun, 6 Oct 2002 14:43:00 -0700 User-Agent: Microsoft-Entourage/10.1.0.2006 Date: Sun, 06 Oct 2002 14:43:02 -0700 Subject: Re: ASN.1 OID for TIGER/192 From: Jon Callas <jon@callas.org> To: OpenPGP <ietf-openpgp@imc.org> Message-ID: <B9C5FC76.A0AE%jon@callas.org> In-Reply-To: <3D9A1198.ADA4DCC9@zetnet.co.uk> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> I confess I am wondering why this is needed. Five years ago, we flirted with Tiger and Haval because you need wider hashes for better signatures. 192 bits is a bit dodgy because it only gets you an effective strength of 96 bits (over 80 bits for SHA-1). Today, we have all the wide SHAs in the suite, which balance with symmetric ciphers up to 256 bits of key size. Adding in TIGER/192 now seems like too little, too late. In 1998, this would have been great. In 2002 (pushing 2003), it's at best a yawn. In short, here's a pragmatic question I have: if I were making a signature today, and I thought that SHA-1 weren't big enough, why would I want to use TIGER/192 over SHA-{256|384|512}? Without a good answer to that question, I don't see why it should be there. I'm even slightly sympathetic to people who think it and HAVAL should be removed. They've both been overtaken by events. Jon Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g91KO8h01081 for ietf-openpgp-bks; Tue, 1 Oct 2002 13:24:08 -0700 (PDT) Received: from mailout.zetnet.co.uk (mail@new-tonge.zetnet.co.uk [194.247.47.231]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g91KO4v01075 for <ietf-openpgp@imc.org>; Tue, 1 Oct 2002 13:24:05 -0700 (PDT) Received: from irwell.zetnet.co.uk ([194.247.47.48] helo=zetnet.co.uk) by mailout.zetnet.co.uk with esmtp (Exim 3.35 #1 (Debian)) id 17wTYg-0004pC-00 for <ietf-openpgp@imc.org>; Tue, 01 Oct 2002 21:23:54 +0100 Received: from zetnet.co.uk (bts-0076.dialup.zetnet.co.uk [194.247.48.76]) by zetnet.co.uk (8.11.3/8.11.3/Debian 8.11.2-1) with ESMTP id g91KNol04586 for <ietf-openpgp@imc.org>; Tue, 1 Oct 2002 21:23:52 +0100 Message-ID: <3D9A1198.ADA4DCC9@zetnet.co.uk> Date: Tue, 01 Oct 2002 21:20:24 +0000 From: David Hopwood <david.hopwood@zetnet.co.uk> X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en-GB,en,fr-FR,fr,de-DE,de,ru MIME-Version: 1.0 To: ietf-openpgp@imc.org Subject: Re: ASN.1 OID for TIGER/192 References: <20020927125550.GA14033@akamai.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> -----BEGIN PGP SIGNED MESSAGE----- David Shaw wrote: > In 2440 and in all the 2440bis drafts, the TIGER/192 hash is not fully > usable as it has no OID. Werner Koch and I, with the cooperation of > TIGER's authors, recently arranged an OID for it: > > 1.3.6.1.4.1.11591.12.2 I hope that is only the OID for Tiger-192 with 3 passes (as used by OpenPGP), not Tiger in general. SHA-256, SHA-384 and SHA-512, for example, have separate OIDs. > It would be good to put this in 2440bis so TIGER will be usable. Note the potential problems with the Tiger specification and test vectors described here: <http://www.users.zetnet.co.uk/hopwood/crypto/scan/md.html#Tiger> > I have a sneaking suspicion that this may raise the question whether > TIGER should be in the standard at all, as so long as it did not have > an OID, the question was moot. I have no strong feelings on this > point, but if we are not going to allow the use of TIGER, then perhaps > we should remove it from the standard altogether or explicitly > disallow its use as the current halfway state is confusing now that > there is an OID available. I agree, and the same applies to HAVAL. However, my vote is to remove both Tiger and HAVAL; there's no reason to believe they have any security or other advantages over the other supported hashes. - -- David Hopwood <david.hopwood@zetnet.co.uk> Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/ RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01 Nothing in this message is intended to be legally binding. If I revoke a public key but refuse to specify why, it is because the private key has been seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBPZlHADkCAxeYt5gVAQH93AgAwwbTGnPilXu3I9dG3lxY31djiGGOHix3 Ij+X0ZtD1M7mCl40CHXad4BqDdCzZKJU7qaqdL1P4iNWoSB+Iy1hgDoTkpSGMQgD +I/EBsaZ/pZqYP6Xe8VN7jiuvJdy7AhcwSgx8xakKDwziJ+9vMemTwrZpz7D4/BE 0c228tbx/LtzkAqxgwtTfuGWYpnr9/X0AAU6GeWUGKUHWhrNkB9HOAfIxk9MJWp5 8oRpOQbUyx3bsESYLx8uXM354PhipcYJgpsmOJwzik+XeOtVBtqXjB81SyTlUTe5 rolhUnX6U7YWAhEKaOfgvO1Rkz5MoYaddWISrSlviu3Onep40dajkQ== =iPlM -----END PGP SIGNATURE-----