Re: [openpgp] v5 in the crypto-refresh draft
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 10 June 2021 05:40 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CD0C3A3544 for <openpgp@ietfa.amsl.com>; Wed, 9 Jun 2021 22:40:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.899
X-Spam-Level:
X-Spam-Status: No, score=-0.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, PDS_BAD_THREAD_QP_64=0.998, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fj8VkwBlkQUS for <openpgp@ietfa.amsl.com>; Wed, 9 Jun 2021 22:40:43 -0700 (PDT)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [103.96.23.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C25F3A3542 for <openpgp@ietf.org>; Wed, 9 Jun 2021 22:40:42 -0700 (PDT)
Received: from AUS01-ME3-obe.outbound.protection.outlook.com (mail-me3aus01lp2241.outbound.protection.outlook.com [104.47.71.241]) (Using TLS) by relay.mimecast.com with ESMTP id au-mta-34-ahOt-nfGMkatbfRgr8MCTw-1; Thu, 10 Jun 2021 15:40:38 +1000
X-MC-Unique: ahOt-nfGMkatbfRgr8MCTw-1
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com (2603:10c6:10:10b::10) by SYBPR01MB6159.ausprd01.prod.outlook.com (2603:10c6:10:ed::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4219.21; Thu, 10 Jun 2021 05:40:35 +0000
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::51a7:5858:c7ef:880f]) by SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::51a7:5858:c7ef:880f%5]) with mapi id 15.20.4219.022; Thu, 10 Jun 2021 05:40:34 +0000
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Paul Wouters <paul@nohats.ca>
CC: "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] v5 in the crypto-refresh draft
Thread-Index: AQHXXbr+7O9O+mcMl02kzvDvrO7x3Q==
Date: Thu, 10 Jun 2021 05:40:34 +0000
Message-ID: <SY4PR01MB6251ADA05B055670FCFF080CEE359@SY4PR01MB6251.ausprd01.prod.outlook.com>
Accept-Language: en-NZ, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:df0:0:2006:f15f:3abb:d8a6:7c15]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 4e0f6062-f4cd-4ac6-4cf1-08d92bd244f9
x-ms-traffictypediagnostic: SYBPR01MB6159:
x-microsoft-antispam-prvs: <SYBPR01MB6159EC2A9CCE2799180B904DEE359@SYBPR01MB6159.ausprd01.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: BSouwBwaath063nK4GxzVKaK18q9/cB+7ekkSN4mu6PvCcJtlu3UGygkeJJxilOzkxvgiWIQSnViOs1Vbaqn95I0cDrNFzPiA74sFOFXT5U6tsWyuS7mXgjGfQaV5S80An60GEH36BfqgnbS5pnS6Dz/ailrY/cdUZRQG1uVchn/cr8asMqNdAHmMAb2g6BPDLFY1z383QE+YqivGv6T8WBldK5TOhn/shL9YzroRnHcRWuGBXqYjin4QUNP+p/tSBnRGKBqb7nzlnzkH8kk8tlzhYWO9YlId6Iy80jVGrMJ9UUC8EazNExewwKgAN+5MwklvmaX41UBM2GOEYOSvpIJ/hCg81l2Sv+moEQbrPnLmZ8PkgOS6s78c3i5fHj4CGWrYVx1lnY71LjxI5wmuNNgPRXBGExpeb0RAkFzAqPm7ekI2FSVBUCpTPEFhRVzDgiBzIG5DEqKMiTA3ogAsDYeoWQZgnuvR9JwcBjYLr0lW07oigjojl0QEmkcmey+I5PM3hPDA9ZBC6W/cGswV6alSBOa/wayGqAr1PVf9ZxllCPYCkvhbnb98Uf4x3z4FwShxJLmmXE1LQDVSZ1t1eduZD6ePQ/gtBY1bKjcomI=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SY4PR01MB6251.ausprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(136003)(39860400002)(396003)(366004)(376002)(4326008)(478600001)(8936002)(86362001)(64756008)(8676002)(66446008)(66946007)(55016002)(9686003)(66476007)(66556008)(71200400001)(76116006)(5660300002)(7696005)(52536014)(186003)(316002)(786003)(110136005)(6506007)(122000001)(83380400001)(38100700002)(33656002)(2906002); DIR:OUT; SFP:1101
x-ms-exchange-antispam-messagedata: UQCRYf2RzekZLKxvcjueZK3tZztkB+7ZHgl9iGgTd9/4rRdDzjyECaJf1i88UdaoRlSp5hok8TKLWzGHBxyqBNYBndP4NPkkX+2q555eG+GI/Sg3ZHtdVVzIh8dSSc2LguYj1k9GCQStIBE90iGLcz7rZJW8tAavefxrSogfjxCxmZD6HGDovH0yPyjkpDyeGgGGeT3vJVO/pQK9y0FS6fHKT62jQ2FzPCfK+ZWKEDdwLiQvL9ST9K6Qyi5ehjSeO6gXmPCVZybaCM5Xvp8rLdUU+zyUB+IdzdSlcV6I3GgSy2IrGp2usPELZf7QKzZT2aQg9L1YZY/fm2REItfCou0NeXKp9pRmnmQ0cKnIAcFwRoryYZtXZq/56NpB9DbQ69wDzfnAgWHeWDEBxYgtuynAmNZE/1yjQ7h60jpRcp6Sdh7Nn22pT8ZKEGH1pCNvQBIm1mh8pEYMRGc2rZ3ArzP2NEpZrljT6iN/yrpjkIiHp58kEE/t649E9i08xkyYOuloS5xqDEskZnFzORy+SuAazvy07hY71AelCFuXAlOzZSB6vFSkn88WpRd55nwIQJXwnuo0tNqLSwFyMdN04pUXLq00y5k/rGYcAUeSsumfx+ooB2SAqpMq1mVM9KARqPR6u8m7MJ5l3P/Ry27C0BlM4V2VvKkzP7s4g+ptJBC4vt4/tvgyW/ap3RbWEeegqYedSWba1EwmvwuEDTyqLXqGmZVK2paRYLh5jwj6qkHMLS4A+SfmNAjv1J2g9K5vLsJkTSwtQBbdoObuA5VQX8VJ/KkKtaDeK9aA9MWdit1nPzQqpUmtyKYUm15RlPHnRQKTc9AImtVETcWVJzrLibzRJz0WFYaaoISzp6EtdYgFQj+IyJVF+HPqmsX0Poa+yft+6CPNoMxRSsYdqcmsPd24aWCOrchJbZb5O3CTHQ0+i7IYnzSrG2twJFcDPGDRRBHEY4yUhwcKoR9kcyPwbHIByx4fNSMEtD5NtGGDc0O0vGxM7lMh9Bd34dDlhILQKgGtsUMvfzCgVyyHm57tMwkDyFJWrXBhaiSxK1qxDtUWsHLFbBIePy6aYt+X3uBlQEPvWqPJhZqWl+HXs9h43DP0shfY0ei5Ftzf8MLkgYYaQEGkJhSVeoIXlyH9GWaUFc32ELi7lio6OT3hB8OL2+Pf0Qdn6Vo4ge2G67qZyUtJ5Tw0RNJ62zYdI2A92buBtWOD/2l1MYm9msxtcAtXM/07cw9zVhH4VV41o+bWnmBEtrKOW/TQ5/XWSNZSNhyqtwbKj/Z4mAtf2MQn8C1UZ+p6OyMmGndjR4QpTp0IZ4WGfjtfYt8Mf9VO8IxiFCTAz2oJVr5lRUOyglP5oeR9O05L5vUabcl/DsuIUO1zNm4=
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SY4PR01MB6251.ausprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4e0f6062-f4cd-4ac6-4cf1-08d92bd244f9
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jun 2021 05:40:34.3320 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: KwwSYV38tHNYPo0Lknr0evCzWJVs73PWKQgIviY0xglJkQe2LYF1xCRVhWWDpahsUNzwy4iJmN++ymHQhQ5VcBXqKkKBoJqIamFZQFa18vo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYBPR01MB6159
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CAU17A13 smtp.mailfrom=pgut001@cs.auckland.ac.nz
X-Mimecast-Spam-Score: 1
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/NcMB41DG-BtegnCuNvbzL0ZmHJc>
Subject: Re: [openpgp] v5 in the crypto-refresh draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jun 2021 05:40:50 -0000
Daniel Kahn Gillmor writes: >Key ID or fingerprint comparison has been recommended in the past by the >OpenPGP community as a reasonable way that one communications peer can >confirm that they have the "right key". Ah, good point, so it's a human-factors thing rather than just (say) mapping a signature to the key that signed it, where even if you can create a collision to point to a different key the signature check will still fail. >which i'll call the "comparison-verification" practice: Is it worth mentioning this in the text? The current text just says "this thing is the fingerprint" with an implicit use elsewhere in the doc of "the thing used to identify which key is being used", without mentioning its second, non-protocol use, to verify someone's key. (Is this still done? When was the last time someone here attended a key signing party?). >I'm fine with either of these two framings, with a slight preference for >Paul's text as it captures a bit more of the shifting landscape. I'm happy with Paul's text as well. Peter.
- [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Huigens
- Re: [openpgp] v5 in the crypto-refresh draft Michael Richardson
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Paul Wouters
- Re: [openpgp] v5 in the crypto-refresh draft Michael Richardson
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Paul Wouters
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Nickolay Olshevsky
- Re: [openpgp] v5 in the crypto-refresh draft Peter Pentchev
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Peter Pentchev
- Re: [openpgp] v5 in the crypto-refresh draft Michael Richardson
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Paul Wouters
- Re: [openpgp] v5 in the crypto-refresh draft Justus Winter
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor