Re: [openpgp] Hashing literal (meta)data fields
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 12 October 2022 15:55 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B5CCC14F742 for <openpgp@ietfa.amsl.com>; Wed, 12 Oct 2022 08:55:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=NttGh697; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=wDCsZ9cU
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dhEd_Kb1sYIV for <openpgp@ietfa.amsl.com>; Wed, 12 Oct 2022 08:55:38 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A140C1522CB for <openpgp@ietf.org>; Wed, 12 Oct 2022 08:55:37 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1665590132; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=LHcmr52mbNTaqGlbqMUqBpeFA3O3/Ig3sRK0W0NlR2Q=; b=NttGh697BzT8qyZeixsP2cYS13NnuWlSAbjJ/P4VoXyN65P0r5S9RraYZ9nwqKG/Hzt6U 3ODxsYGChTc1nMZCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1665590132; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=LHcmr52mbNTaqGlbqMUqBpeFA3O3/Ig3sRK0W0NlR2Q=; b=wDCsZ9cUmBvV33gATWRiLTzA5wQk3sSPiwS2vhvBeBGRaqJ7Feb2AlFNPji97G1OmvZBX Ud9vg+P2CfLgiwb2ULitkfCdbPbs/SGSS4yXzZKn+MB1w5PjpY0awol7q7WRd9WZP6OujGP 3AF3Yr7CH3uv1ZWAnEUld+16i7dYlwxerYXkTuD3YCDu1wDW9BMQoe4W/y+ACAP5WvnYCbC 0d7tEJuEeqy/46L7CYNhf1luFmxYJ2+mZYgriy/UZ80UItLkNNhK37fc+LIihe51fyD2ZVA SDIzde0fazIm7mjtBVIPFKPs2ZRzU3cWMLeWdX0gBcUqQAUeqANSG3aP97Mg==
Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 08F19F9AD; Wed, 12 Oct 2022 11:55:31 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 4D7CA2044A; Wed, 12 Oct 2022 11:55:21 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Daniel Huigens <d.huigens@protonmail.com>
Cc: IETF OpenPGP WG <openpgp@ietf.org>
In-Reply-To: <LIIml0mMswppyxJWGMtqkG8UCXUItOFB5TuYf9OEG0Hr84Dvl7KO649aVl11BZi4nHNW0nFX5SG8M-tr-IKlZZW2BJiCfMGoRdRFw1BHyn8=@protonmail.com>
References: <QiAK3LsKi6K_UDPKI3S2vWACTHIL2CWil-AmjadkkA9XQrrdoDSuAT5UwwQCqseLMaStR4XuM04rfSoTSzXZEsNLIp3Z8_7C7Xu4Nxab1eE=@protonmail.com> <87lepmvlwn.fsf@thinkbox> <x-TTXFnrRTUXYg6jCqww9hBjSKYQKxUDGU47PBt3WQxZDh75N-zvrUT1Qu45lY5Eg4gHHlKPHYTxGGFGh_vbaSccBpHUW9FIATapMgd2dNA=@protonmail.com> <87ilkp5x96.fsf@fifthhorseman.net> <LIIml0mMswppyxJWGMtqkG8UCXUItOFB5TuYf9OEG0Hr84Dvl7KO649aVl11BZi4nHNW0nFX5SG8M-tr-IKlZZW2BJiCfMGoRdRFw1BHyn8=@protonmail.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Wed, 12 Oct 2022 11:55:20 -0400
Message-ID: <87czax595j.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/RwMdhoZyQCqkD9jhuDU0hMZer1Y>
Subject: Re: [openpgp] Hashing literal (meta)data fields
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2022 15:55:44 -0000
On Wed 2022-10-12 08:04:35 +0000, Daniel Huigens wrote:
> On Wednesday, October 12th, 2022 at 09:14, Daniel Kahn Gillmor wrote:
>
>> With no hats on, I am not convinced that the proposed hashed literal
>> data meta packet solves any of these points.
>
>> it clearly doesn't address (1) or (2),
>
> I tried to describe in my original email how it could address (2).
> Could you elaborate on why you think it doesn't? :')
aiui, your suggestion of how it matches it would work requires ignoring
this field for detached signatures. But that means it isn't
round-trippable: if you detach and then reattach the signature, you've
lost the metadata and the reattached signature will now fail.
That is a subtly ugly property that seems likely to cause mystifying
failures. Not a great thing to bake into the standard.
> (Though, if we all think that notations are better and do address it,
> the point is a bit moot.)
fair :)
>> and for (3), it only makes it
>> possible to add this metadata to v4 signatures, but of course it's not
>> guaranteed that it'll be there. What should a consuming implementation
>> do that wants to use these fields?
>
> I think this is a bit inherent in protecting some fields that previously
> weren't protected. There's no backwards compatible way to add this that
> guarantees it's there, since it currently isn't - but I don't think
> that's a very strong argument against doing it. Anyway, the concrete
> guidance could be to only rely on these fields if this subpacket is
> there - and similarly, in the case of notations, the guidance could
> just be to only rely on those notation fields (if any), and not on the
> literal data packet metadata fields.
>
> One thing to note is that to fully replicate the original proposal,
> we would also need a notation field for the data format (binary, text,
> etc.) I'm not sure how important that is, but - doing so might raise
> questions about what to do if they don't match, etc. For the filename
> and date fields, I suppose the notations would trump the literal data
> packet fields, so that the latter can be left blank - but the data
> format field can't be left blank, so there we should probably say that
> they must match, if we do add a notation for it.
Even simpler guidance about the metadata fields in the literal data
packet is: "when generating, never populate; when consuming, always
ignore" (this is what crypto-refresh says, fwiw). Then if we want to
introduce any notations which contain any metadata, we can just define
them orthogonally to anything in the literal data packet.
This seems simple, clear and unambiguous. Implementers that want to do
something with that data can just work directly with the notation.
--dkg
- [openpgp] Hashing literal (meta)data fields Daniel Huigens
- Re: [openpgp] Hashing literal (meta)data fields Werner Koch
- Re: [openpgp] Hashing literal (meta)data fields Daniel Huigens
- Re: [openpgp] Hashing literal (meta)data fields Justus Winter
- Re: [openpgp] Hashing literal (meta)data fields Daniel Huigens
- Re: [openpgp] Hashing literal (meta)data fields Daniel Kahn Gillmor
- Re: [openpgp] Hashing literal (meta)data fields Daniel Huigens
- Re: [openpgp] Hashing literal (meta)data fields Daniel Kahn Gillmor