Re: [openpgp] V5 Fingerprint again

Thijs van Dijk <schnabbel@inurbanus.nl> Wed, 01 March 2017 19:41 UTC

To: Phillip Hallam-Baker <phill@hallambaker.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/RQhEx-roUVFpCaasjRsDhUR1Kvc>
Cc: IETF OpenPGP <openpgp@ietf.org>

>
> Given the SHA-1 break, could we return to the V5 fingerprint discussion?
>
> The issue we are seeing with the SHA-1 break is that a LOT of software is
> based on the assumption that SHA-1 is unique. And this is causing software
> to crash in real world applications.
>

Thanks for reviving this discussion. While, as I previously stated, your
proposal for the new fingerprint format still looks good to me, I don't
agree that this newest break against SHA-1 is grounds for alarm.

Note, software does not require a hash break to crash, it's perfectly
capable of doing that even if the hash algorithm is sound. I remember a
story of some app crashing because someone reused the key material from the
primary key as a subkey packet, so the subkey and primary would have shared
their fingerprint regardless of the hash used. This is just something apps
will have to deal with no matter what; the only thing that's different from
a few days ago is that bugs like this may just have become a lot easier to
reproduce.

Until I see evidence to the contrary, I'm going to assume the sky is not
falling. Not this week.

However, there certainly are some interesting avenues of investigation in
light of this recent discovery:

1) Should we deprecate SHA1 in signatures? (Or did we already?)
2) How does SKS handle disambiguation? If I submit different keys with
matching fingerprints at different endpoints in the sync network, how will
those keys propagate to the other nodes?
3) Does GnuPG have any way to disambiguate? Do the different automatable
interfaces expose this capability?

I'd say question 1 is the most pressing of the three, and it's also the one
question we could answer at the standards level. If we manage to make a
decision on that, we're definitely on the right track w.r.t. letting go of
SHA1. (Hint: the answer should be "yes.")

-Thijs
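
Added example, not part of the original message or of any implementation discussed on the list: the reused-key-material case above, shown with the V4 fingerprint calculation from RFC 4880 section 12.2 and an index that stores a list per fingerprint instead of assuming uniqueness. `KeyIndex`, `key_body` and the sample bytes are hypothetical names and constructed values.

```python
import hashlib
import struct
from collections import defaultdict

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 sec. 12.2: SHA-1 over 0x99, 2-octet length, key packet body.
    Primary keys and subkeys are hashed the same way."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def key_body(created: int, algo: int, material: bytes) -> bytes:
    """V4 public-key packet body: version, creation time, algorithm, material."""
    return struct.pack(">BIB", 4, created, algo) + material

class KeyIndex:
    """Fingerprint index that tolerates several entries under one fingerprint."""

    def __init__(self):
        self._by_fpr = defaultdict(list)

    def add(self, role: str, body: bytes) -> str:
        fpr = v4_fingerprint(body)
        entry = (role, body)
        if entry not in self._by_fpr[fpr]:   # same role and same bytes: no-op
            self._by_fpr[fpr].append(entry)
        return fpr

    def lookup(self, fpr: str):
        """Return every entry for the fingerprint; callers must not assume one."""
        return list(self._by_fpr.get(fpr, []))

    def ambiguous(self):
        """Fingerprints that map to more than one stored entry."""
        return sorted(f for f, e in self._by_fpr.items() if len(e) > 1)

# Constructed placeholder bytes standing in for key material; not a real key.
MATERIAL = bytes.fromhex("0008ff0011010001")

def demo():
    idx = KeyIndex()
    primary = key_body(1488326400, 1, MATERIAL)   # algorithm 1 = RSA
    other = key_body(1488326401, 1, MATERIAL)     # differs only in creation time
    f1 = idx.add("primary", primary)
    f2 = idx.add("subkey", primary)               # same body reused as a subkey
    f3 = idx.add("primary", other)
    return f1, f2, f3, idx

if __name__ == "__main__":
    f1, f2, f3, idx = demo()
    print(f1 == f2, f1 != f3, idx.lookup(f1), idx.ambiguous())
```

The shared fingerprint here comes from identical packet bodies, so it would occur under any hash algorithm.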