IETF Logo Mail Archive

Re: [openpgp] New fingerprint: to v5 or not to v5

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 09 October 2015 18:45 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6DD21B49FB for <openpgp@ietfa.amsl.com>; Fri, 9 Oct 2015 11:45:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_40=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ER742atnjtK for <openpgp@ietfa.amsl.com>; Fri, 9 Oct 2015 11:45:16 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id B5D671B49E9 for <openpgp@ietf.org>; Fri, 9 Oct 2015 11:45:16 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 7BEEBF984; Fri, 9 Oct 2015 14:45:14 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 2FB74203E2; Fri, 9 Oct 2015 14:44:46 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: ianG <iang@iang.org>, openpgp@ietf.org
In-Reply-To: <56128637.6030504@iang.org>
References: <878u84zy4r.fsf@vigenere.g10code.de> <87fv1xxe5w.fsf@alice.fifthhorseman.net> <87r3lgcup8.fsf@vigenere.g10code.de> <CACsn0c=-LKagSqTbgOV1W4Gu4u-f6vpVq82-nWSLGogjoeFKeg@mail.gmail.com> <CAMm+LwjeKDKnN2ZAisbKhWVS4kwCEm_VvcZ1MtftYzEJQpGdhg@mail.gmail.com> <87y4fi5wa9.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4B278ED@uxcn10-5.UoA.auckland.ac.nz> <8737xp5z45.fsf@vigenere.g10code.de> <56128637.6030504@iang.org>
User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Fri, 09 Oct 2015 14:44:46 -0400
Message-ID: <87wpuvx4o1.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/Orql429nbxOJW0WQboTnQ_k9fgc>
Subject: Re: [openpgp] New fingerprint: to v5 or not to v5
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2015 18:45:19 -0000

On Mon 2015-10-05 10:16:23 -0400, ianG wrote:
> On 5/10/2015 07:33 am, Werner Koch wrote:
>> On Mon,  5 Oct 2015 12:27, pgut001@cs.auckland.ac.nz said:
>
>> Is your request to leave the timestamp out of a v5 fingerprint
>> computation?
>
>
> Makes sense to me.
>
> Or, as it is just a calculation, the 4 octets MUST be set to 0.

<no hats>

I would agree that leaving the key creation time out of the fingerprint
calculation makes it easier to associate the mathematical object of raw
key material with an explicit key ID.

For X.509, we do have certificate fingerprints, but they turn out to not
be particularly useful.  The main place where X.509 fingerprints have
come in handy in protocols is in HPKP, where the subjectPublicKeyInfo
material is what is fingerprinted, not the certificate itself.

>> That would make some things easier but raises the issue that the owner
>> of the key can change the creation date and only the then broken key
>> signatures and the history of self-signatures would reflect this.

if the fingerprint calculation doesn't include the key creation time,
we would also need to decide whether key creation time should be
included in the material digested for other OpenPGP certifications.

in that case, i see three options:

 a) don't include any key creation time at all; signatures themselves
    have a creation time, which is sufficient.

 b) include key creation time in the material certified only for
    self-sigs (certifications issued by the key itself).  Do not include
    any key creation time in the material certified by third-parties.

 c) Include creation time of the certified key in the material certified
    for all certifications -- first-party or third-party.

I'm tempted by the simplicity of (a), to be honest.

(b) sounds doable, but i don't know how useful it is to have assertions
from the key of when the key was created, or what to do with situations
where some self-sigs assert a different key creation time than others.
Should we reject or ignore some of them?  if so, which ones?

(c) sounds like trouble -- you'll get self-signed assertions of key
creation time that don't match third-party assertions of key creation
time.  What does that mean?  how should it be represented to the user?
I think this is the issue that Werner was hinting at.

what are the downsides of (a)?  What are the advantages of having a key
creation time at all?  Is it simply that it provides a universally-known
temporal boundary when to accept signatures made by that key?

        --dkg

v2.23.0 | Report a Bug | By Email