Re: [openpgp] Hashing literal (meta)data fields
Daniel Huigens <d.huigens@protonmail.com> Tue, 11 October 2022 12:11 UTC
To: Justus Winter <justus@sequoia-pgp.org>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>, IETF OpenPGP WG <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/RFGFS_016O49j1E8bResC9kU1ms>

Hi Justus,

> Instead, one could simply add notations to the signature to specify say
> creation time, modification time, and filename. With this scheme, one
> can better specify the semantics, lift the file name length restriction,
> it doesn't require specifying how to hash the metadata, and it isn't an
> all-or-nothing thing. As a bonus, if you detach the signature, the
> information is still available, so you can make use of it, and
> re-attaching the signature is possible and easy.

Yeah, I agree, that might be better, indeed.

Best,
Daniel
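
The notation scheme quoted above, as an added example that is not part of the original message or of any implementation discussed on the list: it encodes file metadata as Notation Data subpackets (RFC 4880, section 5.2.3.16) and reads it back from the signature's subpacket area alone. The notation names under example.org and the sample values are assumptions constructed for illustration.

```python
import struct

NOTATION_DATA = 20      # signature subpacket type for Notation Data
HUMAN_READABLE = 0x80   # first flag octet: the value is UTF-8 text

def subpacket_length(n: int) -> bytes:
    """Encode a subpacket length: one, two or five octets."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def notation_subpacket(name: str, value: str) -> bytes:
    """Build one Notation Data subpacket for the hashed area."""
    name_b, value_b = name.encode("utf-8"), value.encode("utf-8")
    if len(name_b) > 0xFFFF or len(value_b) > 0xFFFF:
        raise ValueError("name and value are limited to 65535 octets each")
    header = bytes([HUMAN_READABLE, 0, 0, 0]) + struct.pack(">HH", len(name_b), len(value_b))
    body = header + name_b + value_b
    return subpacket_length(1 + len(body)) + bytes([NOTATION_DATA]) + body

def parse_notations(area: bytes) -> dict:
    """Walk a subpacket area and return {name: value} for every notation."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        ptype, body = area[i] & 0x7F, area[i + 1:i + length]  # mask the critical bit
        i += length
        if ptype == NOTATION_DATA:
            nlen, vlen = struct.unpack(">HH", body[4:8])
            out[body[8:8 + nlen].decode()] = body[8 + nlen:8 + nlen + vlen].decode()
    return out

# Constructed sample metadata; the notation names are hypothetical.
LONG_NAME = "report-" + "x" * 300 + ".txt"  # exceeds the 255-octet literal-packet filename field
HASHED_AREA = b"".join([
    notation_subpacket("filename@example.org", LONG_NAME),
    notation_subpacket("mtime@example.org", "2022-10-11T12:11:45Z"),
])
```

Because the subpackets sit in the signature's hashed area, the metadata is covered by the signature and stays with it when the signature is detached.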