IETF Logo Mail Archive

Re: [openpgp] Version 5 key and fingerprint proposal

Thijs van Dijk <schnabbel@inurbanus.nl> Thu, 16 March 2017 11:51 UTC

Return-Path: <schnabbel@inurbanus.nl>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 346CA129426 for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 04:51:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.334
X-Spam-Level:
X-Spam-Status: No, score=-1.334 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=inurbanus.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dw57h0MkZYcd for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 04:51:32 -0700 (PDT)
Received: from mail-ua0-x231.google.com (mail-ua0-x231.google.com [IPv6:2607:f8b0:400c:c08::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E47B4129432 for <openpgp@ietf.org>; Thu, 16 Mar 2017 04:51:31 -0700 (PDT)
Received: by mail-ua0-x231.google.com with SMTP id u30so24650305uau.0 for <openpgp@ietf.org>; Thu, 16 Mar 2017 04:51:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inurbanus.nl; s=google-inurb; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=CZyBjghnVdBXKdxZPZaA013r5Qx3Oxm+3wZUoiSw4x0=; b=WNKiXLkxvC67ipV5kNG3GUEjlZYL7B7kS43SZpUn1mQ1huNwH8su+1ONXbYaNrBUKD o/t9bhAM84XxHZR5+e6W74r39gyGk3FIOgyW31OUZvZGc34mgOQl9Ei2bxZM5Qcfbevx kp3SDIYmuI+WKwNTp2S7LvlDpHA46K1O2vEV4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=CZyBjghnVdBXKdxZPZaA013r5Qx3Oxm+3wZUoiSw4x0=; b=gLglJdwkpYfRp6kGyivWAz19D8sis+hz3UNW+BuogodvoXHSayPCm2QnUa/jE47SYi pmEotrpGD55WCsVxk7qZRfpOEDbJVeWgqrwDie5hR+rMijIrwVgxOW6rGAdnilYUuUA5 DtV3/F2VaY+Pw8ijnypzCZBSNqdw1Nu41Qhnd3SEh6p/SOST1ogW6unKxwcrY0O8Plkm 8FipxVmjMnY4R9jx3neeX+bLB04wNoM6E65Zvoqns4Lp8/sNO4YXnotcYXEesms0+KPD 7sgmio51bKrMEpB/COU+gabH49LgRE9ZKlsMogd3x5NRlfARsxALtYKl0R4ANKB6djCK 21Cg==
X-Gm-Message-State: AFeK/H0Pb9AkZOnNYNtQqjKP7vqywjJ2THXBLPON8SuTXaR1PrJKJCDktdwN1UcEHVr9bIYcLRh4rNq1GA8sZA==
X-Received: by 10.159.37.144 with SMTP id 16mr3578850uaf.80.1489665090557; Thu, 16 Mar 2017 04:51:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.124.2 with HTTP; Thu, 16 Mar 2017 04:51:30 -0700 (PDT)
In-Reply-To: <87mvclwjih.fsf@wheatstone.g10code.de>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de>
From: Thijs van Dijk <schnabbel@inurbanus.nl>
Date: Thu, 16 Mar 2017 12:51:30 +0100
Message-ID: <CADGaDpGkMWy00OcZ-xoNg76bL2vL+Sg9WGAfhY+6uooGX+2xRg@mail.gmail.com>
To: IETF OpenPGP <openpgp@ietf.org>
Content-Type: multipart/alternative; boundary="001a1139ba668eba88054ad7ae91"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/UVNEedlv2t8hGfF3ektm6GQoCcg>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 11:51:34 -0000

I'm in favour of truncating SHA-512 to 200 bits, though this is not a
strong preference.

-Thijs

(As a general principle, I like the idea of not exposing more than half of
a hash's internal state to the wild. A remnant of ye olden days where it
would've made length extension attacks that much more difficult.)

--
Thijs van Dijk

6A94 F9A2 DFE5 40E3 067E  C282 2AFE 9EFA 718B 6165

On 16 March 2017 at 12:25, Werner Koch <wk@gnupg.org> wrote:

> On Tue, 14 Mar 2017 11:17, wk@gnupg.org said:
>
> > What do others think:
> >
> >  - Use SHA-256 and truncated to 200 bits
> >  - Use SHA-512 and truncated to 200 bits
> >  - Anything else
>
> No opinions?
>
>
> Shalom-Salam,
>
>    Werner
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp
>
>

v2.23.0 | Report a Bug | By Email