IETF Logo Mail Archive

Re: [openpgp] Fingerprint schemes versus what to fingerprint

Bill Frantz <frantz@pwpconsult.com> Thu, 07 April 2016 19:59 UTC

Return-Path: <frantz@pwpconsult.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D3B512D18B for <openpgp@ietfa.amsl.com>; Thu, 7 Apr 2016 12:59:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gRqziZKsKHZ5 for <openpgp@ietfa.amsl.com>; Thu, 7 Apr 2016 12:59:29 -0700 (PDT)
Received: from elasmtp-masked.atl.sa.earthlink.net (elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]) by ietfa.amsl.com (Postfix) with ESMTP id AA1FB12D17D for <openpgp@ietf.org>; Thu, 7 Apr 2016 12:59:28 -0700 (PDT)
Received: from [173.75.83.83] (helo=Williams-MacBook-Pro.local) by elasmtp-masked.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <frantz@pwpconsult.com>) id 1aoG58-0006Zd-OI; Thu, 07 Apr 2016 15:59:10 -0400
Date: Thu, 07 Apr 2016 12:59:05 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: Werner Koch <wk@gnupg.org>
X-Priority: 3
In-Reply-To: <87egahvs5i.fsf@wheatstone.g10code.de>
Message-ID: <r470Ps-10114i-A10719748E97459586178687076BE0F4@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.4 (470)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec799a7516b8e5f8b4be5ac856b7bc5ba10f350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 173.75.83.83
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/LpGFQctOSM_sasp-bPeX3XNj0mU>
Cc: openpgp@ietf.org, Bryan Ford <brynosaurus@gmail.com>
Subject: Re: [openpgp] Fingerprint schemes versus what to fingerprint
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 19:59:31 -0000

On 4/7/16 at 11:39 PM, wk@gnupg.org (Werner Koch) wrote:

>On Wed,  6 Apr 2016 20:15, brynosaurus@gmail.com said:
>
>>1. What fingerprint scheme(s) should OpenPGP move to going forward?
>
>A SHA-256 hash of the artificial OpenPGP key packet as we use it right
>now.  The open question is whether to
>- include a creation timestamp,
>- a timestamp but fixed to 0 (as Google End-to-End does),
>- some other static info data to surely separate that fingerprint from
>other protocols fingerprint using the same key (i.e. token based)
>- no creation timestamp

If we use the string, "PGP Fingerprint", or some such, we get 
pretty good protection against cross protocol confusion. That 
string could go in the former timestamp field.


>You describe how a fingerprint is presented to the user.  This has been
>out of scope for OpenPGP.  Implementations have settled for a de-facto
>standard outside of the protocol.  I think we should keep it this way
>and at best give only a suggestion for a human readable format.
>
>Humans are bad at comparing fingerprints; this should in general be left
>to the software and additional protocols to establish a connection
>between an identity and a key/fingerprint.

Bryan discussed the issue of verifying keys via fingerprints 
from e.g. business cards -- a procedure I have actually 
performed. And I verified all of the characters in the finger 
print too. :-)

This use case makes a strong case for a standard print format 
for fingerprints, so a fingerprint from one application can be 
input to another application for verification (a very good idea 
Werner), or in true desperation, eyeball verified.

I do not see this use case going away because it allows people 
to eliminate third parties (e.g. web of trust or CAs) and reduce 
the number of different actors they are depending on for their security.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | Re: Hardware Management Modes: | Periwinkle
(408)356-8506      | If there's a mode, there's a   | 16345 
Englewood Ave
www.pwpconsult.com | failure mode. - Jerry Leichter | Los Gatos, 
CA 95032

v2.23.0 | Report a Bug | By Email