IETF Logo Mail Archive

Re: [openpgp] Keyholder-configurable fingerprint schemes?

"brian m. carlson" <sandals@crustytoothpaste.net> Tue, 10 November 2015 02:19 UTC

Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 485D21B2DB6 for <openpgp@ietfa.amsl.com>; Mon, 9 Nov 2015 18:19:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.411
X-Spam-Level:
X-Spam-Status: No, score=-1.411 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_12=0.6, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3RIQyWIIkDop for <openpgp@ietfa.amsl.com>; Mon, 9 Nov 2015 18:19:50 -0800 (PST)
Received: from castro.crustytoothpaste.net (castro.crustytoothpaste.net [173.11.243.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B2A11B2D71 for <openpgp@ietf.org>; Mon, 9 Nov 2015 18:19:50 -0800 (PST)
Received: from vauxhall.crustytoothpaste.net (unknown [IPv6:2001:470:1f05:79:f2de:f1ff:feb8:36fd]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by castro.crustytoothpaste.net (Postfix) with ESMTPSA id D64F328094 for <openpgp@ietf.org>; Tue, 10 Nov 2015 02:19:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=crustytoothpaste.net; s=default; t=1447121989; bh=OtQyKDN9vgE3DqZZWFXhR9WzcOvV9hjLO701yBnxwsI=; h=Date:From:To:Subject:References:In-Reply-To:From; b=EEd1ARuSSEx0Vk5e9pu7Mpwx7tUzcIRGcBFbJACvh36Gp9Jnq1T1fgUKRkfv6s0Cs Lp8OeSffAWRxuW7b+9UQ2VY3cMu0JYCrPTmbcNkEjcDklEh2YB+eHn70S+HjNcY4W9 bSBkTexSzvsaBBcPeWCnY9p+Xgry/67DpvQ+/fgBkrlz2Tf+TKnMC7qoniBj79UMJX X87wrrIqYKppmBHAQ77TERmOIzhgroPHwL7GHGEH0zU6D7sV1E2OEvXQald8lyJJEH w35HjUc7uct0k4yJt4iVIaoHHKQIA3vnW2WWgtpeTV7VfqyyaJM0jIsGSnSbKG+YzN 7J3NZ/dEHc4c3ndP84kpS/1v0GxRj5orhyVN2Ngmf5Pzg1Ic7WZZMgR700pA8Jxr72 3HhTi+ZsfH+PQycx88QzDJ/eA+ZKDaarLAax2VRyZteAkE4eXGfzAWPgYBhmzCstDx O1yNAWTRzxeke45GTbCtgKFrVr8VQf5XKLlBhKKyTj4Nss6vzfV
Date: Tue, 10 Nov 2015 02:19:43 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20151110021943.GH3896@vauxhall.crustytoothpaste.net>
References: <43986BDA-010F-4DBF-8989-53E71B74E66A@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="fU0UwhtRbpo05rnG"
Content-Disposition: inline
In-Reply-To: <43986BDA-010F-4DBF-8989-53E71B74E66A@gmail.com>
X-Machine: Running on vauxhall using GNU/Linux on x86_64 (Linux kernel 4.2.0-1-amd64)
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/Ri5VE-HP-yAFjsrmQnqkooNWSYw>
Subject: Re: [openpgp] Keyholder-configurable fingerprint schemes?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2015 02:19:51 -0000

On Sat, Nov 07, 2015 at 12:31:43PM +0900, Bryan Ford wrote:
> This approach to fingerprint generation has the slightly-odd
> (certainly unconventional) property that a single public/private
> keypair does not have only one possible, deterministically-computed
> fingerprint (i.e., a hash of the public key), but rather may in
> principle have many different possible fingerprints (parameterized by
> the PoW and the salt that will inevitably be required in that PoW).
> This might seem to violate the “fingerprint consistency” property that
> was discussed at the meeting.  However, as summarized above, my
> perception is that the main fingerprint consistency concern is that we
> do not want to subject users to multiple different fingerprints *for a
> single key*.  In Christian’s scheme, while any key could “in
> principle” have many different fingerprints, as long as the user
> generating the key (or the user’s OpenPGP implementation) picks one
> particular fingerprint and binds that fingerprint to the key in a
> fully verifiable fashion as part of the self-signed public-key record,
> the fact that fingerprint-generation is parameterized creates no
> user-perceivable fingerprint-consistency issue that I can discern.

I think not having a single unique fingerprint is in general a bad idea.
Earlier discussion on the list reflected wanting to remove creation
timestamps so we had a fingerprint that was consistent and represented
the actual key bits uniquely.  Using a parameterized proof-of-work
scheme defeats that goal.

Furthermore, one of the benefits of elliptic curve algorithms is the
tiny keys.  You could theoretically send an entire EC public key in a QR
code and still get the same fingerprint on both sides.  Including a
proof-of-work makes that impossible.

Finally, there's been a lot of discussion about simplifying the
standard.  This doesn't seem like a move in that direction.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

v2.23.0 | Report a Bug | By Email