Re: [openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a separable ring signature scheme...]

Vincent Yu <v@v-yu.com> Fri, 14 March 2014 02:39 UTC

Return-Path: <v@v-yu.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 649071A06C8 for <openpgp@ietfa.amsl.com>; Thu, 13 Mar 2014 19:39:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WUXNJqGWi47Z for <openpgp@ietfa.amsl.com>; Thu, 13 Mar 2014 19:39:42 -0700 (PDT)
Received: from smtp2.hushmail.com (smtp2.hushmail.com [65.39.178.134]) by ietfa.amsl.com (Postfix) with ESMTP id 60B111A06C3 for <openpgp@ietf.org>; Thu, 13 Mar 2014 19:39:42 -0700 (PDT)
Received: from smtp2.hushmail.com (localhost [127.0.0.1]) by smtp2.hushmail.com (Postfix) with SMTP id B33B9A03E7 for <openpgp@ietf.org>; Fri, 14 Mar 2014 02:39:35 +0000 (UTC)
Received: from smtp.hushmail.com (w7.hushmail.com [65.39.178.32]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp2.hushmail.com (Postfix) with ESMTPS; Fri, 14 Mar 2014 02:39:35 +0000 (UTC)
Message-ID: <1e053aff143a868d303cb483949bcd31@smtp.hushmail.com>
Date: Thu, 13 Mar 2014 22:39:31 -0400
From: Vincent Yu <v@v-yu.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, openpgp@ietf.org
References: <80674820640dbeb5ae81f81c67d87541@smtp.hushmail.com> <23C2DE82-93B7-48A6-95A6-14B4F5DD1F42@callas.org> <3e9143bf60d2252a67149eb4b984bcdb@smtp.hushmail.com> <532268E5.8090001@fifthhorseman.net>
In-Reply-To: <532268E5.8090001@fifthhorseman.net>
X-Enigmail-Version: 1.6
OpenPGP: id=d28d7c4078b3742a; url=https://v-yu.com/pubkeys/openpgp.asc
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="jsQN2bAk3PnKI8hTggUEafKE7nlmNaea7"
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/Km6NEqcv01OYZQ5ABw8lfnui-VM
Subject: Re: [openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a separable ring signature scheme...]
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Mar 2014 02:39:44 -0000

On 03/13/2014 10:26 PM, Daniel Kahn Gillmor wrote:
> the OpenPGP fingerprint revision discussions have not yet terminated in
> a clear conclusion -- the last stage we reached was was "wait until
> SHA-3 has settled down and then reconsider".
>
> You should *not* use keyIDs as distinct identifiers in the subpacket
> body of the ring signature design; the use of keyIDs in the traditional
> issuer subpacket is a mistake that i hope we don't propagate if/when
> OpenPGPv5 ever gets standardized.
>
> Your I-D should have the subpacket body built from either OpenPGPv4
> fingerprints, or full public key packets.  the search space for key IDs
> is too small to distinguish "bad signature" from "i don't have the
> appropriate key" with sufficient confidence, which causes all sorts of
> nasty UI edge cases.
>
> 	--dkg

Thanks for the info. I will likely follow your suggestion and modify my 
proposal to use V4 fingerprints rather than key IDs.

Vincent