Re: [openpgp] Version 5 key and fingerprint proposal
Werner Koch <wk@gnupg.org> Tue, 14 March 2017 10:22 UTC
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C14B31293DC for <openpgp@ietfa.amsl.com>; Tue, 14 Mar 2017 03:22:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5GSjF3T1XMFy for <openpgp@ietfa.amsl.com>; Tue, 14 Mar 2017 03:22:18 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6B46127ABE for <openpgp@ietf.org>; Tue, 14 Mar 2017 03:22:18 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1cnjap-00023J-W5 for <openpgp@ietf.org>; Tue, 14 Mar 2017 11:22:16 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1cnjWh-0007V7-3p; Tue, 14 Mar 2017 11:17:59 +0100
From: Werner Koch <wk@gnupg.org>
To: Jon Callas <joncallas@icloud.com>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Jon Callas <joncallas@icloud.com>, IETF OpenPGP <openpgp@ietf.org>
Date: Tue, 14 Mar 2017 11:17:48 +0100
In-Reply-To: <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> (Jon Callas's message of "Fri, 10 Mar 2017 14:13:35 -0800")
Message-ID: <87mvco40xf.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Indigo_Clinton_Dick_Cheney_subversive_S_Box_ASO_Operation_Iraqi=Free"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/JQuSAqZnGGZvVMsKD-gHP3MOytg>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Mar 2017 10:22:20 -0000
On Fri, 10 Mar 2017 23:13, joncallas@icloud.com said: > This is a different suggestion, one about SHA512/t, which has an > output length of 't' bits. It's a cute little hack that NIST put on > top of SHA-512 to get a variable-output hash function. Thanks for the pointer. However this changes the semantics: With SHA512/t we need to settle for a certain truncation because the fingerprint depends on T. The proposal defines a 32 byte fingerprint and only uses truncated versions for the two signature subpackets and the ECDH magic string. Thus when a SHA-256 truncated to 200 bits shows weaknesses, we only need to change the signature subpackets to use the full 256 bits to address this weakness. The fingerprint however will not change and there won't be a need to create new keys. You are right that computing a fingerprint should not be a performance problem. Thus we could also use SHA-512 as fingerprint algorithm and truncate it to 200 bits. I am actually slightly in favor of using SHA-512 (but not SHA-512/t). What do others think: - Use SHA-256 and truncated to 200 bits - Use SHA-512 and truncated to 200 bits - Anything else Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
- [openpgp] Version 5 key and fingerprint proposal Werner Koch
- Re: [openpgp] Version 5 key and fingerprint propo… KellerFuchs
- Re: [openpgp] Version 5 key and fingerprint propo… Werner Koch
- Re: [openpgp] Version 5 key and fingerprint propo… Vincent Breitmoser
- Re: [openpgp] Version 5 key and fingerprint propo… KellerFuchs
- Re: [openpgp] Version 5 key and fingerprint propo… KellerFuchs
- Re: [openpgp] Version 5 key and fingerprint propo… Eric Rescorla
- Re: [openpgp] Version 5 key and fingerprint propo… Jon Callas
- Re: [openpgp] Version 5 key and fingerprint propo… Werner Koch
- Re: [openpgp] Version 5 key and fingerprint propo… Jon Callas
- Re: [openpgp] Version 5 key and fingerprint propo… Werner Koch
- Re: [openpgp] Version 5 key and fingerprint propo… Werner Koch
- Re: [openpgp] Version 5 key and fingerprint propo… Thijs van Dijk
- Re: [openpgp] Version 5 key and fingerprint propo… Peter Todd
- Re: [openpgp] Version 5 key and fingerprint propo… Werner Koch
- Re: [openpgp] Version 5 key and fingerprint propo… Peter Todd
- Re: [openpgp] Version 5 key and fingerprint propo… Thijs van Dijk
- Re: [openpgp] Version 5 key and fingerprint propo… Derek Atkins
- Re: [openpgp] Version 5 key and fingerprint propo… Peter Todd
- Re: [openpgp] Version 5 key and fingerprint propo… HANSEN, TONY L
- Re: [openpgp] Version 5 key and fingerprint propo… Werner Koch
- Re: [openpgp] Version 5 key and fingerprint propo… Peter Gutmann
- Re: [openpgp] Version 5 key and fingerprint propo… brian m. carlson
- Re: [openpgp] Version 5 key and fingerprint propo… Werner Koch
- Re: [openpgp] Version 5 key and fingerprint propo… Jon Callas
- Re: [openpgp] Version 5 key and fingerprint propo… Derek Atkins
- Re: [openpgp] Version 5 key and fingerprint propo… Ben McGinnes
- Re: [openpgp] Version 5 key and fingerprint propo… Vincent Breitmoser
- Re: [openpgp] Version 5 key and fingerprint propo… brian m. carlson