Re: [openpgp] [FORGED] RE: Fingerprint schemes versus what to fingerprint

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 11 April 2016 20:00 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Derek Atkins <derek@ihtfp.com>
Date: Mon, 11 Apr 2016 20:00:52 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/UAEPZ0jHvHPd60XsBIa2H5xW76c>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, Bryan Ford <brynosaurus@gmail.com>

Derek Atkins <derek@ihtfp.com> writes:
>On Mon, April 11, 2016 3:42 pm, Peter Gutmann wrote:
>> Derek Atkins <derek@ihtfp.com> writes:
>>>More specifically:  when you have your card generate your key material, you
>>>pull off the public key and then generate your public key, compute your
>>>fingerprint data (including OpenPGP metadata), and also create secring data
>>>that contains whatever PKCS#11 reference data you need to re-access that key.
>>>Later when you use that card/key you know how to reference it.
>>
>> Where do you store all this stuff?  PKCS #11 doesn't provide a means of
>> storing it, you can search by something like the public key or
>> issuerAndSerialNumber, but not by hash-of-the-public-key-and-nonce.
>
>Like I said, you put it into your secring.skr file.

But you can't store a secring.skr file on a PKCS #11 device.  Or are you
expecting the user to carry around a smart card and a separate USB key with
all the stuff that can't be stored on the smart card, with an app that knows
how to combine all the bits and pieces together to make use of it?

Peter.
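
Added example, not part of the original message or of any OpenPGP or PKCS #11 implementation: it computes the RFC 4880 v4 fingerprint of an RSA key to show that the fingerprint covers the creation time as well as the key material, so a store that can only match on key attributes cannot be searched by fingerprint unless the timestamp is kept somewhere else. The token is modelled as a plain list of dicts keyed by PKCS #11 attribute names; the modulus, timestamp, label and helper function names are constructed for illustration.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP MPI: 2-byte big-endian bit count, then the magnitude bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_fingerprint(n: int, e: int, created: int) -> str:
    """SHA-1 over 0x99, 2-byte length, and the v4 RSA public-key packet body."""
    # Body: version 4, 4-byte creation time, algorithm 1 (RSA), MPI n, MPI e.
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()

def find_by_key(token, n, e):
    """What the modelled token supports: a match on stored key attributes."""
    for obj in token:
        if obj["CKA_MODULUS"] == n and obj["CKA_PUBLIC_EXPONENT"] == e:
            return obj
    return None

def find_by_fingerprint(token, fingerprint, created):
    """Host-side search; it needs the creation time, which the token does not hold."""
    for obj in token:
        candidate = v4_fingerprint(obj["CKA_MODULUS"], obj["CKA_PUBLIC_EXPONENT"], created)
        if candidate == fingerprint:
            return obj
    return None

# Constructed sample values: an arbitrary odd 2048-bit integer, not a real RSA modulus.
N = (1 << 2047) | 0x9E3779B97F4A7C15
E = 65537
CREATED = 1460404852  # constructed creation timestamp
TOKEN = [{"CKA_LABEL": "sample key", "CKA_MODULUS": N, "CKA_PUBLIC_EXPONENT": E}]
FPR = v4_fingerprint(N, E, CREATED)

if __name__ == "__main__":
    print("fingerprint:", FPR)
    print("same key, creation time + 1:", v4_fingerprint(N, E, CREATED + 1))
    print("found by key:", find_by_key(TOKEN, N, E) is not None)
    print("found by fingerprint, timestamp unknown:",
          find_by_fingerprint(TOKEN, FPR, 0) is not None)
    print("found by fingerprint, timestamp from host-side record:",
          find_by_fingerprint(TOKEN, FPR, CREATED) is not None)
```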