Re: [openpgp] Summary v5 fingerprint proposal
Werner Koch <wk@gnupg.org> Thu, 23 March 2017 19:23 UTC
From: Werner Koch <wk@gnupg.org>
To: Jon Callas <joncallas@icloud.com>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, "HANSEN, TONY L" <tony@att.com>
Organisation: The GnuPG Project
Date: Thu, 23 Mar 2017 20:16:50 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/TA7Gz4uCIaTFdQyJ3MAx3eiechc>

On Thu, 23 Mar 2017 19:55, joncallas@icloud.com said:

> I don't have any objection to truncating the fingerprint to get the
> KeyID. The KeyID is merely a database key (as in key-value, not
> crypto) and has no security value. Implementations already need to
> consider the possibility that there could be a collision in the KeyID.

Okay, let us split the discussion between crypto use and mere database
lookup:

 * Revocation key and Issuer Fingerprint:

   - For a V5 key the 25 leftmost octets are used.

The /Revocation key/ is sensitive in that a preimage attack can be used
to revoke a key. That is mostly a DOS and thus not really dangerous.
However, I am fine with using the full hash here.

The /Issuer Fingerprint/ is a key to a database to retrieve the key for
verification of signatures. Thus it does not even need 200 bits but we
could also simply keep it at 160 without problems. We could also allow
to let the sender decide how long the /Issuer Fingerprint/ shall be.
But a fixed length makes the implementation easier. I decided for 200
bits to match the probably used human readable format of the
fingerprint.

> You don't need a new format, you'd just specify the new
> fingerprint. You can consider SHA512/t to be a family of hashes of
> output 't'.

I was under the impression that we already agreed that there shall be
only one fingerprint scheme per key.

> Do we have a meta-strategy for an upgrade? For example, if we know
> that you'd pick whatever hash at that time the cool kids recommend,
> change a couple of parameters (like simply bump the key version to v6
> and go), that could be a recommendation in the RFC.

I think this is a good suggestion.


Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
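
The lookup role discussed in this message, as an added example that is not part of the original mail or of any OpenPGP implementation: a key store indexed by a truncated fingerprint, where the truncated value only selects candidates and a separate check decides which key made the signature. SHA-512 over raw bytes, `KeyStore`, `find_signer`, `colliding_pair` and the sample keys are assumptions made for illustration; the message does not define the v5 fingerprint computation.

```python
import hashlib
from collections import defaultdict

ISSUER_FPR_LEN = 25  # "the 25 leftmost octets" of the fingerprint, i.e. 200 bits

def fingerprint(key_material: bytes) -> bytes:
    # Assumption: SHA-512 over raw bytes stands in for the real v5
    # fingerprint computation, which this message does not define.
    return hashlib.sha512(key_material).digest()

class KeyStore:
    """Keys indexed by a truncated fingerprint; a bucket may hold several keys."""
    def __init__(self, index_len: int = ISSUER_FPR_LEN):
        self.index_len = index_len
        self._buckets = defaultdict(list)

    def add(self, key_material: bytes) -> bytes:
        prefix = fingerprint(key_material)[:self.index_len]
        if key_material not in self._buckets[prefix]:
            self._buckets[prefix].append(key_material)
        return prefix

    def candidates(self, issuer_fpr: bytes) -> list:
        if len(issuer_fpr) != self.index_len:
            raise ValueError("issuer fingerprint has unexpected length")
        return list(self._buckets.get(issuer_fpr, []))

def find_signer(store, issuer_fpr, verify):
    """The truncated value only selects candidates; verify() decides."""
    for key in store.candidates(issuer_fpr):
        if verify(key):
            return key
    return None

def colliding_pair(index_len: int = 1):
    """Constructed demo: with a tiny index, two sample keys share a bucket."""
    seen = {}
    for i in range(1000):
        key = b"constructed-sample-key-%d" % i
        prefix = fingerprint(key)[:index_len]
        if prefix in seen:
            return seen[prefix], key
        seen[prefix] = key
    raise RuntimeError("no collision found")

if __name__ == "__main__":
    store = KeyStore(index_len=1)  # 1 octet so a collision is easy to show
    first, second = colliding_pair(1)
    store.add(first); prefix = store.add(second)
    signer = find_signer(store, prefix, lambda k: k == second)  # stand-in check
    print(len(store.candidates(prefix)), signer == second)
```

In a real implementation the `verify` callback would be the signature verification itself, so a colliding index entry costs one extra verification attempt and cannot cause a wrong key to be accepted.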