Re: [openpgp] Proposed text for V5 fingerprint
Thijs van Dijk <schnabbel@inurbanus.nl> Mon, 19 September 2016 10:36 UTC
From: Thijs van Dijk <schnabbel@inurbanus.nl>
Date: Mon, 19 Sep 2016 12:36:04 +0200
Message-ID: <CADGaDpE7qdY8VnHWQboW5RYoDTs0GsgT8A8Zg2psKi9goQ=RHQ@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/TybAn8ODjHAPIVJtmcnVfcw3piA>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Proposed text for V5 fingerprint
On 17 September 2016 at 23:43, Phillip Hallam-Baker <phill@hallambaker.com> wrote:

> That is a really bad cartoon to bring up at a standards body.

Right. Sorry.

>>> The other reason for having the content-id in is to allow versioning within
>>> OpenPGP. So for example, let's say that there is a V6 key format but we
>>> don't want to change the digest value. We can change the OpenPGP content
>>> definition format as many times as we like without having to use up any of
>>> those scarce fingerprint version IDs.
>>
>> Ah, so the version ID pertains to the fingerprint method only and not the
>> underlying key? That's good to know, and probably a good thing to document
>> for posterity if we choose to adopt this scheme.
>> In that case I'll have to lower my previous +1 on prepending a version
>> ID. I'd have loved to have been able to tell at a glance if a fingerprint
>> belongs to a v5 or a v6 key even if we keep the hash format the same, but I
>> see now that that isn't going to be possible without downloading the keys
>> in full.
>
> The current design neither forces the version ID to stay the same nor to
> change it. So that isn't a decision we need to take now.
>
> The only thing that forces a change of VersionID is a change in digest
> algorithm. Which is probably the thing that would lead to a V6 format
> anyway.

That's a good point. In fact, I'll hazard a guess and say that that's likely to be the only event to warrant a key version bump.

> I think we should kill fingerprints with a work factor of less than 2^92
> as unsafe. No matter what, they just keep coming back and biting in bad
> ways.

Fair enough.
At the other end of the spectrum, do you have any thoughts on what we can consider the "full" fingerprint? This scheme has an implied maximum length of 500 bits (the largest multiple of 25 less than 512+8). Apart from specifying a minimum (100 bits), do you think we should make a recommendation for what is an appropriate level of assurance? (E.g. 250 bits - 10 groups of 5 base32 characters, similar in size and grouping to V4 fingerprints.)

Apart from this, you'll be glad to know that I've kicked the tyres of this proposal about all I can, and I like it a lot. Eagerly awaiting someone else to chime in at this point.

-Thijs
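
The size arithmetic discussed in this message, as an added example that is not part of the original message or of the proposal text. It assumes a one-byte version ID prepended to a SHA-512 digest and RFC 4648 base32 text; the version ID value, the function names and the sample key bytes are hypothetical.

```python
import base64
import hashlib

VERSION_ID = 0x01        # hypothetical placeholder, not a value from the thread
VERSION_BITS = 8         # assumption: one-byte version ID ("512+8")
DIGEST_BITS = 512        # assumption: SHA-512 digest
BITS_PER_GROUP = 25      # 5 base32 characters x 5 bits each
MIN_BITS = 100           # minimum precision mentioned in the thread


def max_bits() -> int:
    """Largest multiple of 25 that fits in version ID + digest (520 bits)."""
    return (VERSION_BITS + DIGEST_BITS) // BITS_PER_GROUP * BITS_PER_GROUP


def digest_bits(bits: int) -> int:
    """Digest bits left once the version prefix is counted.

    At the 100-bit minimum this is 92, which lines up with the 2^92
    work factor quoted in the thread (under the 8-bit prefix assumption).
    """
    return bits - VERSION_BITS


def fingerprint(key_material: bytes, bits: int = 250) -> str:
    """Grouped base32 fingerprint truncated to `bits` of precision."""
    if bits % BITS_PER_GROUP:
        raise ValueError("precision must be a multiple of 25 bits")
    if not MIN_BITS <= bits <= max_bits():
        raise ValueError(f"precision must be {MIN_BITS}..{max_bits()} bits")
    raw = bytes([VERSION_ID]) + hashlib.sha512(key_material).digest()
    # 65 bytes encode to exactly 104 base32 characters, so no '=' padding.
    text = base64.b32encode(raw).decode("ascii")
    chars = text[: bits // 5]
    return "-".join(chars[i:i + 5] for i in range(0, len(chars), 5))


def same_key(short_fp: str, full_fp: str) -> bool:
    """A shorter fingerprint must be a prefix of the longer one."""
    return full_fp.replace("-", "").startswith(short_fp.replace("-", ""))


if __name__ == "__main__":
    key = b"constructed sample key material"   # constructed input
    for precision in (100, 250, max_bits()):
        print(precision, digest_bits(precision), fingerprint(key, precision))
```

Because truncation only drops trailing groups, a 100-bit fingerprint can be checked against a 250-bit or 500-bit one for the same key with a prefix comparison.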