IETF Logo Mail Archive

Re: [openpgp] Expected client behaviour ambiguity in signature verification

Daniel Huigens <d.huigens@protonmail.com> Fri, 08 July 2022 14:23 UTC

Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3042FC157B35 for <openpgp@ietfa.amsl.com>; Fri, 8 Jul 2022 07:23:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9tdYX1pAUDGH for <openpgp@ietfa.amsl.com>; Fri, 8 Jul 2022 07:23:02 -0700 (PDT)
Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24E30C14F75F for <openpgp@ietf.org>; Fri, 8 Jul 2022 07:23:02 -0700 (PDT)
Date: Fri, 08 Jul 2022 14:22:51 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1657290179; x=1657549379; bh=MIKSFg2AYtNkyzM3XYfXMTUD29QiCAey+6JjxZvV2Hk=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:Feedback-ID:From:To:Cc:Date:Subject:Reply-To: Feedback-ID:Message-ID; b=f5+DBQHpbiCEv15RXtCs6cjNhLSPCDQcHua0OcrD3PtHZGjf1OruxsCZhgGipR1r5 lG84NtHTEy+K0Xbg+RhTDSlAqihe3TWX5ya836KaVV6NrTVbzsHkMPoGp1iCFYM139 /MiiGcTGl8hLfAeHyjBsYtjRavIHaQGC2qbqcBXeWPuwk3nkgYy9LEh2MBWF0wfwf2 RJSaL9BjdE7bW4uK1TBda/RAMSkj2ZDdi3bs77grJmq5xDh9nT7Y+lhf7jEHsA05tL m9WS6ZNyTPIoIrWNplZftsKagTM5VKhHQqjP/riB3vsNof4iD1tpPdkbsBZ24Q1TNv oKm6CS0AsHefg==
To: Justus Winter <justus@sequoia-pgp.org>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: Andrew Gallagher <andrewg@andrewg.com>, openpgp@ietf.org
Reply-To: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <ejV91k6cLZSWu6XKlMLLyVhrwpYOJWOD6q4Ekp6veU53kVA4kSNM1zZ1EoCJG2QJLlYoq2Rylxd7LWxssmPji5ozUn8iZHiD1f3x8vqJ2wc=@protonmail.com>
In-Reply-To: <87let3wxtj.fsf@europ.lan>
References: <d0483dcb-025b-37c2-9a26-e42133b506ac@andrewg.com> <rFGQzFpo7YRJdeCEIqSDMYYZhf_svkyx8UHG3GE__VMZFj2pRAbcTa-G9jjQoppUln1XNblYl6Lbjn7wMDMLqwzTJxB-hO0RwAofwLJL7wc=@protonmail.com> <87sfnbx3we.fsf@europ.lan> <HcMPnSrBDMEb2UqLScL9OTrornuJln5O0WG0ZBe2FLW3Q3YbJ9plFBKGJGdWYyVF-Wz9HA6supa9tXH5y8DfJTe05cUD5Uk0VciCnGuQNMo=@protonmail.com> <87pmifx2km.fsf@europ.lan> <Gjz95aE4GW3B-PIIf3VWobfxKwlSPyI-yU5L7B5zM-6QBv48RXZrrXvIkFQ5NUd9g64Ai9Adzqxahueo5LEqWRCY-Hjj9dRZeI2JYlaWqd4=@protonmail.com> <87let3wxtj.fsf@europ.lan>
Feedback-ID: 2934448:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/HOu-3FJM2ezVnAdnNDK6NsNe_sw>
Subject: Re: [openpgp] Expected client behaviour ambiguity in signature verification
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2022 14:23:06 -0000

On Friday, July 8th, 2022 at 15:14, Justus Winter wrote:

> You said before that you prefer not to use the reordering heuristic.
> But how else should the keyserver fix the certificate?

I meant more that they could do a manual intervention for the keys where
that happened, perhaps. (Particularly in the case where the keyserver
itself broke the key, I didn't mean that they should fix up these keys
in general.) Then, they could also verify the signature packets with
each of the components, to check where it should be placed.

Obviously if we remove the hash prefix in v5, and the bug happens again
with v5 keys, and there are some third-party signatures that they can't
verify, then that won't be possible.

However, I don't think that's a very strong argument for keeping the
hash prefix: keyservers could do any number of things to corrupt or
break public keys, most of which are not recoverable. So I don't think
we should necessarily design around that possibility.

Best,
Daniel

v2.23.0 | Report a Bug | By Email