IETF Logo Mail Archive

Re: [openpgp] Expected client behaviour ambiguity in signature verification

Andrew Gallagher <andrewg@andrewg.com> Fri, 08 July 2022 11:18 UTC

Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF9BFC14F739 for <openpgp@ietfa.amsl.com>; Fri, 8 Jul 2022 04:18:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.983
X-Spam-Level:
X-Spam-Status: No, score=-3.983 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.876, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id saMhQFx5d39e for <openpgp@ietfa.amsl.com>; Fri, 8 Jul 2022 04:18:23 -0700 (PDT)
Received: from fum.andrewg.com (fum.andrewg.com [135.181.198.78]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7731AC157908 for <openpgp@ietf.org>; Fri, 8 Jul 2022 04:18:23 -0700 (PDT)
Received: from [IPv6:fc93:5820:737b:2d0b:a807::1] (whippet [IPv6:fc93:5820:737b:2d0b:a807::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id 8B55C5EC9D; Fri, 8 Jul 2022 11:18:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1657279100; bh=dF79M0BntrzKEVmm7jrMYJIDZcXWHe844VdyAlAg0UY=; h=To:References:From:Subject:Date:In-Reply-To:From; b=Wkrct88mxPCuGoZn7EZ71xHvWwMyC+XYWkTxogSbFDeVJQofUTH0bWN7jjtv+t4oz orLPLGr3xwoHhBC0dErEQg6HIuB2UZPF8WAyncP1YwehTPg6R+QxEJUEbakGz1INNK GFO6xoWAQ2XPciB/IFN7+4eIUwYtFldpuQVDcjQRgnrCMGbqqi0q+qF/RPJ2aju2Fs zDj3GmGBb5k3sC4+sYf+2bGR8j2R1XaIoTi7gBLvM+sYRapwgSHmtIzl3hD8S9lcgI LLOAG0DSYBDt/VGRJWLLmoW+LphqeF8BsmOd6+RtXjBTdKIaEtuknqytme/FacNoNm 2I5ej6WPXiIeA==
To: Jonathan McDowell <noodles@earth.li>, openpgp@ietf.org, Justus Winter <justus@sequoia-pgp.org>
References: <d0483dcb-025b-37c2-9a26-e42133b506ac@andrewg.com> <YscsLPg2I0Oaio8B@earth.li> <87v8s7x4cs.fsf@europ.lan> <YsgNt4FJ21JAVvFg@earth.li>
From: Andrew Gallagher <andrewg@andrewg.com>
Message-ID: <2780fc0d-b780-bad2-f61d-9bd4b39c127c@andrewg.com>
Date: Fri, 08 Jul 2022 12:18:13 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
MIME-Version: 1.0
In-Reply-To: <YsgNt4FJ21JAVvFg@earth.li>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="IcVOwBsSBGFwzW0pMoXYcW4BPrQLQ2h89"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/UaYjW7KxnNN8dx2OaVvvIgrqsLA>
Subject: Re: [openpgp] Expected client behaviour ambiguity in signature verification
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2022 11:18:27 -0000

On 08/07/2022 11:57, Jonathan McDowell wrote:
> On Fri, Jul 08, 2022 at 12:53:39PM +0200, Justus Winter wrote:
>
>> Alternatively, keyservers (anyone, really) could fix the digest prefix.

We could normalize in the keyservers, but I'd like to first get the
opinion of other implementations about whether this might cause them any
issues when merging compliant and non-compliant versions of the same
signature packet.

> We still don't seem to know what's *generating* the bad data.

Nikolay's earlier reply indicates that it is probably openpgp-php:

https://github.com/singpolyma/openpgp-php/issues/120#issuecomment-1012034968

https://github.com/singpolyma/openpgp-php/blob/2a48242a7ad1dc6c7be90191ec814619ae20aa1b/lib/openpgp.php#L701

A

v2.23.0 | Report a Bug | By Email