Re: [openpgp] Fingerprints

Werner Koch <wk@gnupg.org> Fri, 10 April 2015 14:01 UTC

From: Werner Koch <wk@gnupg.org>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 10 Apr 2015 15:57:18 +0200
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/IldXfgcKfrNBYXEKUOVjAOPI-nk>

On Fri, 10 Apr 2015 15:23, phill@hallambaker.com said:

> There is no need to have an algorithm field, a version field is
> sufficient because we should only be using one algorithm at a given

Right.  However, an algorithm field is as good as a version field because
they have the same purpose in this context.  An algorithm field saves us
a mapping to the actual algorithm.  Recall that OpenPGP uses a
one-octet identifier and not an OID.

> time. There is no need for a length field either.

Agreed.

It is often useful to have a keyid to quickly (but insecurely) refer to a
key.  I suggest taking it from the fingerprint bytes 1 to 4 (ignoring
the algorithm byte).  There is no need for a long keyid.  However, we
may also suggest a use like in git where you may abbreviate it as you
like - however the keyid should be non-normative because the protocol
should not make any use of it.

> I am also using SHA512 and truncating to 128 bits, then base 32
> encoding. The rationale for this is

Because there are several versions of BASE-32 I suggest the use of
z-base-32 which is used by Tahoe-LAFS and ZRTP.  The truncation length of
the hash should be a best match for the base 32 encoding.

> * Fingerprints are the root of trust, there is an outside chance that
> SHA-2-256 might be broken but breaking SHA-2-512 truncated to 256 bits
> is a lot harder because it has 80 rounds rather than 64.

I think that should be discussed in the context of the new default hash
algorithm.


> The bit that will probably be controversial is how I am calculating
> them, over an X.509v3 KeyInfo block. There is method to the madness

X.509 has no definition for a fingerprint but OpenPGP already uses a
well-defined method to compute the fingerprint.  You can't compare the two
protocols or define a unique fingerprint method.

> If people really can't stomach ASN.1 code then we could do some other
> key format. But the problem then becomes having to specify how to

We want to do an rfc4880bis and not an entirely new protocol.  Thus any
ASN.1 encoding is not an option.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
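
The fingerprint layout discussed in this message (algorithm octet, truncated SHA-512, z-base-32 text form, short keyid from bytes 1 to 4), as an added example that is not part of the original mail or of any OpenPGP implementation. Assumptions: the algorithm octet is 10 (the RFC 4880 hash ID for SHA-512) and is encoded together with the hash, the key material is an opaque constructed byte string, and 24 octets is picked as a truncation that leaves no padding bits in base 32.

```python
import hashlib

# z-base-32 alphabet as used by Tahoe-LAFS and ZRTP.
ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

# Assumption: the algorithm octet reuses the RFC 4880 hash ID for SHA-512.
ALGO_SHA512 = 10


def zbase32(data: bytes) -> str:
    """Encode whole octets, zero-padding the final 5-bit group."""
    nbits = len(data) * 8
    pad = -nbits % 5  # bits needed to reach a multiple of 5
    value = int.from_bytes(data, "big") << pad
    nchars = (nbits + pad) // 5
    return "".join(ZB32[(value >> (5 * i)) & 31] for i in reversed(range(nchars)))


def padding_bits(total_octets: int) -> int:
    """Filler bits in the last character; 0 means the length fits base 32."""
    return -(total_octets * 8) % 5


def fingerprint(key_material: bytes, hash_octets: int = 24) -> bytes:
    """Algorithm octet followed by SHA-512 truncated to hash_octets."""
    digest = hashlib.sha512(key_material).digest()
    return bytes([ALGO_SHA512]) + digest[:hash_octets]


def short_keyid(fpr: bytes) -> str:
    """Bytes 1 to 4 of the fingerprint, skipping the algorithm octet.

    Convenience handle only: 32 bits are trivially collidable, so nothing
    security-relevant may depend on it.
    """
    return fpr[1:5].hex().upper()


if __name__ == "__main__":
    key = b"constructed sample key material"  # not a real key packet
    for n in (16, 24, 32):  # candidate truncation lengths in octets
        fpr = fingerprint(key, n)
        print(n * 8, len(zbase32(fpr)), padding_bits(len(fpr)), short_keyid(fpr))
```

With the algorithm octet included, a 128-bit truncation leaves 4 filler bits and a 256-bit truncation leaves 1, while 192 bits gives exactly 40 characters.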