Re: [openpgp] Fingerprints
Daniel Huigens <d.huigens@protonmail.com> Fri, 25 November 2022 17:14 UTC
Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58C42C1522C4 for <openpgp@ietfa.amsl.com>; Fri, 25 Nov 2022 09:14:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kxc9d5D-k0zm for <openpgp@ietfa.amsl.com>; Fri, 25 Nov 2022 09:14:43 -0800 (PST)
Received: from mail-40131.protonmail.ch (mail-40131.protonmail.ch [185.70.40.131]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21A27C1522C1 for <openpgp@ietf.org>; Fri, 25 Nov 2022 09:14:43 -0800 (PST)
Date: Fri, 25 Nov 2022 17:14:33 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1669396480; x=1669655680; bh=p8Gft1C3uSfo/WvXvkB2dFTIIBusqO6WXQAYrLSwa3E=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=ZAGxmVRcSkllWdd1RzPv5GZQsYyLopUzhU+AnwuSP4lGu44QB/O8t7MrUvJHY8ao1 wnDwvPuQCN5z32qyQhPp+/OZAI5wwNJdWDHM0uwxUBfyACKgN9WsOuELcEAeTv7nM+ UQhW0DT2ZD1NDWdD0/iLNoo1oxZwb/0exJTXiH0imBAP4ASA5AgTXWvOBRmpZreP9O H+De9Ox2j/ayffIIPEJuPBYJK6EcaEZwivRjgZ1YcoD0ftcWvDTns533s51TFVw2wR MFl0Px6kx6NsnESiOR/1e914ER3l6QPwhaKOZMHHarq3JR1nyIK8eDcRsRUf/kvcNX ds+ZPTDUK4HTw==
To: "Neal H. Walfield" <neal@walfield.org>, Derek Atkins <derek@ihtfp.com>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: IETF OpenPGP WG <openpgp@ietf.org>
Message-ID: <6xCNnhcpeWwYU8Oe4cip1FRizpJDY0dWeNKaV0kccb2dDSIXBxxa-ir_KlXdE16235NZ-b6eQHlwBD-hrZkXnBuROlz904BVgtRXVp2eWlo=@protonmail.com>
In-Reply-To: <8a5ef78f325e70a71f54d0edae8d0bd0.squirrel@mail2.ihtfp.org>
References: <87cz9bt42n.wl-neal@walfield.org> <8a5ef78f325e70a71f54d0edae8d0bd0.squirrel@mail2.ihtfp.org>
Feedback-ID: 2934448:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Pd6fVk5eJSY47iDN4tuIREUgEpQ>
Subject: Re: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Nov 2022 17:14:47 -0000
Hi Neal and Derek, On Friday, November 25th, 2022 at 17:22, Derek Atkins wrote: > Sorry, I don't see the issue here? Both versions here are using "the > 256-bit SHA2-256 hash of". > > So where is the issue? What am I missing? It makes it harder to know from the fingerprint what the key version is. And when looking up keys it's nice to know the version before comparing fingerprints - then you can also ignore all keys with a different version without even looking at (or computing, if you haven't yet) the fingerprint bytes. On Friday, November 25th, 2022 at 17:02, Neal H. Walfield <neal@walfield.org> wrote: > Second, we could just make the version number part of the fingerprint. > That is, the fingerprint could be defined as the concatenation of 6 > (assuming we do s/v5/v6/) plus the 256-bit SHA2-256 hash. I would be in favor of always specifying the key version and fingerprint together. The one worry I have about making it actually part of the fingerprint is that if people are doing manual fingerprint verification (which, I'm the first to say they shouldn't, but..) then the leading constant 6 may make it easier to make two fingerprints appear "similar". We could simply state that v6 key fingerprints should be presented as 6:xxxx..., for example, to make it clearer what's going on. That way, we can maybe also roll it out for v4 fingerprints, and always show v:fingerprint without causing too much confusion, hopefully. Best, Daniel
- [openpgp] Fingerprints Neal H. Walfield
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Daniel Huigens
- Re: [openpgp] Fingerprints Neal H. Walfield
- Re: [openpgp] Fingerprints Neal H. Walfield
- Re: [openpgp] Fingerprints Neal H. Walfield