IETF Logo Mail Archive

Re: [openpgp] Fingerprints

Werner Koch <wk@gnupg.org> Sat, 11 April 2015 10:51 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E1701A8F42 for <openpgp@ietfa.amsl.com>; Sat, 11 Apr 2015 03:51:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GdsMSjUY37IV for <openpgp@ietfa.amsl.com>; Sat, 11 Apr 2015 03:51:35 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 317D31A8772 for <openpgp@ietf.org>; Sat, 11 Apr 2015 03:51:35 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1Ygt0f-0005iD-Ix for <openpgp@ietf.org>; Sat, 11 Apr 2015 12:51:33 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1Ygsw5-0001vy-0K; Sat, 11 Apr 2015 12:46:49 +0200
From: Werner Koch <wk@gnupg.org>
To: Christoph Anton Mitterer <calestyo@scientia.net>
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com> <87y4m0ozlt.fsf@vigenere.g10code.de> <1428701837.6212.145.camel@scientia.net>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Christoph Anton Mitterer <calestyo@scientia.net>, openpgp@ietf.org
Date: Sat, 11 Apr 2015 12:46:48 +0200
In-Reply-To: <1428701837.6212.145.camel@scientia.net> (Christoph Anton Mitterer's message of "Fri, 10 Apr 2015 23:37:17 +0200")
Message-ID: <87vbh3ndrb.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/JYcRf3GMHs5JgAlJmAICRBK1g94>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Apr 2015 10:51:37 -0000

On Fri, 10 Apr 2015 23:37, calestyo@scientia.net said:

> Why? Isn't that exactly what the past has taught us? That using one
> fixed fingerprint algo leads into all kinds of troubles?

Trouble with a fingerprint?  I am interested to hear about such a case.
(ssh's default use of MD5 does not count).

>> key.
> And it caused also issues, when people *did* assume they'd be secure.

Yeah, similar to the common behaviour of only comparing the first and
last 2 bytes of SHA-1 fingerprints and checksums.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

v2.23.0 | Report a Bug | By Email