Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys

Werner Koch <wk@gnupg.org> Fri, 14 March 2014 10:01 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B7C81A00C6 for <openpgp@ietfa.amsl.com>; Fri, 14 Mar 2014 03:01:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jk_hhGBXUkAs for <openpgp@ietfa.amsl.com>; Fri, 14 Mar 2014 03:01:52 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by ietfa.amsl.com (Postfix) with ESMTP id 40FFB1A00EA for <openpgp@ietf.org>; Fri, 14 Mar 2014 03:01:52 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1WOOvv-0007WM-VT for <openpgp@ietf.org>; Fri, 14 Mar 2014 11:01:44 +0100
Received: from wk by vigenere.g10code.de with local (Exim 4.82 #3 (Debian)) id 1WOOko-0006xl-U5; Fri, 14 Mar 2014 10:50:14 +0100
From: Werner Koch <wk@gnupg.org>
To: Vincent Yu <v@v-yu.com>
References: <80674820640dbeb5ae81f81c67d87541@smtp.hushmail.com>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=1E42B367; url=finger:wk@g10code.com
Date: Fri, 14 Mar 2014 10:50:14 +0100
In-Reply-To: <80674820640dbeb5ae81f81c67d87541@smtp.hushmail.com> (Vincent Yu's message of "Thu, 13 Mar 2014 17:03:13 -0400")
Message-ID: <8761nh1549.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/Rv8Q6Zzt1VQZD1FRBauTl68EigY
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Mar 2014 10:01:54 -0000

Hi,

On Thu, 13 Mar 2014 22:03, v@v-yu.com said:

> 3. A new registry of ring signature key-specific algorithm IDs with the 
> following initial values:
>
>      ID   Algorithm
>      --   ---------
>      1  - RSA signing
>      2  - Schnorr signing
>      3  - EC-Schnorr signing

Why do we need a new registry?  I can't see a problem in using the
existing public algorithms ids and declare that only certain algorithms
may be used for ring signatures (i.e. exclude the algo for a ring
signature).

I would also suggest to settle for ECC algorithms and not bother with
RSA or DSA anymore.  

>      (1 octet algorithm ID, 8 octet key ID)

Until a v5 public key packet format has been defined, I would strongly
suggest to use the full SHA-1 fingerprint instead of a key id.  Creating
long key id collisions is quite possible and thus would require extra
code for trial verification.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.