Re: including the entire fingerprint of the issuer in an OpenPGP certification

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 18 January 2011 04:48 UTC

Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0I4m003014930 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jan 2011 21:48:00 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0I4m052014929; Mon, 17 Jan 2011 21:48:00 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0I4lxVQ014924 for <ietf-openpgp@imc.org>; Mon, 17 Jan 2011 21:47:59 -0700 (MST) (envelope-from dkg@fifthhorseman.net)
Received: from [192.168.13.75] (lair.fifthhorseman.net [216.254.116.241]) by che.mayfirst.org (Postfix) with ESMTPSA id 4C5F1F987 for <ietf-openpgp@imc.org>; Mon, 17 Jan 2011 23:47:58 -0500 (EST)
Message-ID: <4D351B79.6090600@fifthhorseman.net>
Date: Mon, 17 Jan 2011 23:47:53 -0500
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Reply-To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101213 Icedove/3.1.7
MIME-Version: 1.0
To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
References: <4D34F133.3000807@fifthhorseman.net> <2885367E-D215-4BE7-983D-C82C55C64B0F@jabberwocky.com>
In-Reply-To: <2885367E-D215-4BE7-983D-C82C55C64B0F@jabberwocky.com>
X-Enigmail-Version: 1.1.2
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig3FFC5B717EBE1F287CBCC3A5"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 01/17/2011 10:22 PM, David Shaw wrote:
> I like this idea.  I would do it as "full fingerprint" myself.
> The difference in storage between 160 bits and 96 bits is all
> of 8 bytes.  I think the simplicity of being able to say the
> whole fingerprint is in there is worth a measly 8 bytes.

That seems like a reasonable cost/benefit analysis to me.

> Do we necessarily need a new subpacket type for this?  It
> could pretty easily be a notation.

Thereby making it even longer -- how many bytes are you prepared to
throw at the problem? ;)

So with gpg, this is doable already with something like this in gpg.conf:

 sig-notation signer-fpr@notations.openpgp.fifthhorseman.net=%g

I dislike this aesthetically for 3 reasons:

 0) the subpacket is hashed into the signature created, which doesn't
seem necessary.

 1) the notation value is in plain text (twice as long as it needs to be)

 2) i don't like the notation name being as long as the one i just chose :P

but maybe i'm just being a bit-miser with 1 and 2.  And maybe 0 isn't
all that important, either. (is there a way to tell GnuPG to make the
notation subpacket in the unhashed part of the signature?)

i (think i) have signed this message using the above notation name.  i'd
be happy to drop that notation name in favor of anything more concise
from a domain with a reasonably stable track record related to this stuff.

If anyone on the list has difficulty verifying my signature as a result
of this notation, please let me know.

David, do you think a patch to interpret a notation like this would be
of interest to GnuPG?  Are any other OpenPGP implementations willing or
interested in coming to consensus on a notation name and working on this?

And what should an implementation do if the issuer subpacket and the
"full fingerprint" packet disagree on the last 64 bits?

	--dkg