IETF Logo Mail Archive

[openpgp] Fingerprint requirements for OpenPGP

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 12 April 2016 00:40 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5820112D7AA for <openpgp@ietfa.amsl.com>; Mon, 11 Apr 2016 17:40:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 489OASAApVs5 for <openpgp@ietfa.amsl.com>; Mon, 11 Apr 2016 17:40:24 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by ietfa.amsl.com (Postfix) with ESMTP id 4D0AC12D757 for <openpgp@ietf.org>; Mon, 11 Apr 2016 17:40:24 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 87539F991 for <openpgp@ietf.org>; Mon, 11 Apr 2016 20:40:22 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 37E7C20143; Mon, 11 Apr 2016 20:40:22 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: IETF OpenPGP <openpgp@ietf.org>
User-Agent: Notmuch/0.21+124~gbf604e9 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Mon, 11 Apr 2016 20:40:22 -0400
Message-ID: <87vb3nslqh.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/JL3D9Pbms6Y7BdzVU-UxYdxZBw8>
Subject: [openpgp] Fingerprint requirements for OpenPGP
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2016 00:40:26 -0000

Hi all--

I was hoping to see someone write up the specific use cases for the
OpenPGP fingerprint, but i haven't seen it yet, so i'm trying to do that
here.

I tend to agree with the discussion elsewhere in this thread that
"internal database ID" is *not* the defining use case for the
fingerprint, so i'm not including it here.

I think there are only two use cases:

 a) looking up a particular OpenPGP key in some remote database like a
    public keyserver
 
 b) confirming that a particular key matches some out-of-band
    communication

These are things that might happen by fingerprint transfer via any of:

 * business cards (pre-planned, printed)

 * scraps of paper (impromptu, hand-written)

 * over the telephone or other voice channels

 * copy and paste from a non-OpenPGP-specific message (chat, e-mail,
   etc)

Note that a human is always in the loop in these transfers.  If no human
is in the loop, we do not need the fingerprint, and can (and probably
should) use some other technique.

As such, i think we have these human-specific constraints:

 * the fingerprint should be identifiable as a fingerprint, including
   where it starts and where it stops.

 * it should avoid ambiguity -- readers shouldn't have to puzzle over
   whether a character is an "o" or an "O" or a "0", for example, and
   writers shouldn't have to worry about it either.

 * there should be one (and exactly one) fingerprint per key; otherwise
   comparisons become impossible.

 * it should be as close as possible to the human attention span -- this
   is Vincent's point, i think.  Humans really can't reliably deal with
   512 bits of entropy when doing any kind of data entry or comparison.

 * data entry should be easy to do with standard tools

And we have these machine-specific constraints:

 * it should be cheap to compute from a given key -- you shouldn't need
   a gig of RAM or a minute of CPU to calculate the fingerprints of any
   key.

 * it should be strong enough that we do not believe anyone can create a
   key with a fingerprint that collides with another key's fingerprint

And these spec constraints:

 * it should be easy for implementers to understand and generate

Is this problem framed correctly?

If not, what's missing?

If so, can someone try to apply it to one of the fingerprint proposals
and see what the takeaway is?

   --dkg

v2.23.0 | Report a Bug | By Email