Re: [openpgp] Proposed text for V5 fingerprint

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 12 September 2016 20:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/MezmDIK2O3qh1Pabv73lfOlu45c>

On Mon, Sep 12, 2016 at 9:27 AM, Thijs van Dijk <schnabbel@inurbanus.nl>
wrote:

> Hi Phillip,
>
> As promised, I'll post my two cents' worth about your proposal.
>
> In your talk last Thursday, you've revealed some details about the larger
> design of which this V5 fingerprint proposal is a part. I can see now you
> weren't kidding when you described it as "encumbered." Though your talk was
> certainly interesting, I'll try and stay on topic and evaluate your
> proposal as a self-contained unit rather than as a tiny part of a larger
> design.
>

The only part that I believe is encumbered is the 'work hardening' scheme
that is not currently in the drafts at all. All the rest is pretty well
covered by prior art, albeit that is not an absolute guarantee.



> To wit:
>
> +1 on dropping SHA-1 in favour of SHA-2. This is kind of a no-brainer.
> +1 on prepending a version number to the output for futureproofing.
> ?? on embedding a content-ID field in the final hash input.
> +1 on changing the default fingerprint representation from hex to base32.
> +1 on changing the definition of the short/long key ID to n bits from the
> start rather than from the end, so even the truncated versions will include
> the version ID.
>
> On the content-ID, it's unclear from the above draft which problem you're
> trying to solve.
> If I were to guess, I'd say it would open the door to unification of OpenPGP and X509 somewhat,
> but currently it's not obvious how exactly this fingerprint format would
> help. Could you elaborate a bit?
>

Today there are several formats that are regularly used to describe trust
anchors:

PGP Key format
X.509 / PKIX root cert
Certificate Trust List (Microsoft)
SSH Public Key format
SAML
DNSSEC

It would be really nice if we could all use the same format to identify a
root of trust. But that is of course not going to happen unless we can get
all six of the major PKI infrastructures to agree on one approach and that
probably isn't even desirable.

The traditional way to solve this problem is with a URI type scheme:

OpenPGP:mwj3e-wj3id-2kqai-2iwiq

But that uses up a lot of bits and not for any real purpose because all you
have is a fingerprint, you don't know how to interpret those bits.

The idea of putting the content-type into the fingerprint calculation is
that it allows each of the six applications described to make use of one
fingerprint format without risk of someone working out how to cause a
semantic attack by confusing one content type for another. It would of
course be a bad thing if someone could generate an OpenPGP key that turns
out to be a legal X.509v3 certificate.


The other reason for having the content-id in is to allow versioning within
OpenPGP. So for example, let's say that there is a V6 key format but we
don't want to change the digest value. We can change the OpenPGP content
definition format as many times as we like without having to use up any of
those scarce fingerprint version IDs.
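
Added example, not part of the original message or of any OpenPGP draft: a sketch of a fingerprint that binds a content type into the hash input, prepends a version byte, and is shown in base32 with the key ID taken from the start. The byte layout, the NUL separator, the version value 0x60 (chosen so the output begins with "m" like the sample in the message) and the sample key bytes are assumptions made for illustration.

```python
import base64
import hashlib

# Hypothetical version byte; the thread does not give the real value.
VERSION_ID = 0x60


def fingerprint(content_type: str, data: bytes, chars: int = 20) -> str:
    """Return a base32 fingerprint in dash-separated groups of five.

    Assumed layout: VERSION_ID || SHA-512(content_type || 0x00 || data),
    base32-encoded and cut to `chars` characters from the start.
    """
    if "\x00" in content_type:
        # The separator must never appear in the label, otherwise two
        # different (label, data) pairs could produce the same hash input.
        raise ValueError("content type must not contain NUL")
    label = content_type.encode("ascii")
    digest = hashlib.sha512(label + b"\x00" + data).digest()
    raw = bytes([VERSION_ID]) + digest
    text = base64.b32encode(raw).decode("ascii").lower().rstrip("=")[:chars]
    return "-".join(text[i:i + 5] for i in range(0, len(text), 5))


def key_id(fp: str, groups: int = 2) -> str:
    """Short ID cut from the start, so it still carries the version prefix."""
    return "-".join(fp.split("-")[:groups])


if __name__ == "__main__":
    blob = b"constructed sample key bytes"  # constructed input, not a real key
    as_pgp = fingerprint("application/pgp-keys", blob)
    as_x509 = fingerprint("application/pkix-cert", blob)
    # Same bytes, different declared content type: the fingerprints differ,
    # so a value computed for one format cannot be replayed for the other.
    print("pgp :", as_pgp, "short:", key_id(as_pgp))
    print("x509:", as_x509, "short:", key_id(as_x509))
```

A verifier recomputes the fingerprint with the content type it expects, so bytes that happen to parse in two formats still fail the comparison under the wrong type.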