Re: [openpgp] V5 Fingerprint again
Vincent Breitmoser <look@my.amazin.horse> Thu, 02 March 2017 13:31 UTC
Date: Thu, 02 Mar 2017 14:31:05 +0100
From: Vincent Breitmoser <look@my.amazin.horse>
To: Thijs van Dijk <schnabbel@inurbanus.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/J7sk95bJJ8CSJL7e0GA61vV0xkc>
Cc: IETF OpenPGP <openpgp@ietf.org>

> Interesting. How do you envision handling an updated selfsig (e.g. to move
> the expiration date forward) with a stronger hash than before?
> To me, this seems like the most obvious upgrade path (i.e. a way for users
> to force moving to a stronger hash), but when taken literally we've just
> retroactively revoked all previous signatures.

I don't think this works as an upgrade path really. Both for the reason
you mention, and also because packets can be suppressed. The best we can
probably do here is try and not allow worse than the weakest link.

> One could have a gnuk or yubikey generate the key, and if the user agent
> *defaults* to sha1 (regardless of whether or not it can support stronger
> hashes) you'll have triggered this scenario.

Seems like a good outcome if this type of misconfiguration is punished.

 - V