Re: [openpgp] Should signatures be rejected if the embedded hash prefix does not match?
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 01 March 2023 11:35 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Kf3r43hWkng9uAUB29_UgNTVdDo>

Hiya,

On 01/03/2023 04:05, Daniel Kahn Gillmor wrote:
> say anything new about v3/v4 here

I've no particular axe to grind on this one, but if there were a good reference that discusses the issue (e.g. some paper describing what's deployed and the associated risks), then simply referring to that may save us having to craft text where finding rough consensus is tricky. Is there such a reference? (It might not need to be an academic paper, any stable thing is probably a good enough informational reference for a thing like this.)

Ta,
S.