Re: [openpgp] v5 in the crypto-refresh draft
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 05 June 2021 11:21 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4872E3A1F6D for <openpgp@ietfa.amsl.com>; Sat, 5 Jun 2021 04:21:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ezrLinVxp6_w for <openpgp@ietfa.amsl.com>; Sat, 5 Jun 2021 04:21:04 -0700 (PDT)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [180.189.28.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A58273A1F6A for <openpgp@ietf.org>; Sat, 5 Jun 2021 04:21:03 -0700 (PDT)
Received: from AUS01-SY4-obe.outbound.protection.outlook.com (mail-sy4aus01lp2171.outbound.protection.outlook.com [104.47.71.171]) (Using TLS) by relay.mimecast.com with ESMTP id au-mta-89-jnXGeFGJOOGk55LA2qnl0w-1; Sat, 05 Jun 2021 21:20:54 +1000
X-MC-Unique: jnXGeFGJOOGk55LA2qnl0w-1
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com (2603:10c6:10:10b::10) by SYCPR01MB4272.ausprd01.prod.outlook.com (2603:10c6:10:41::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.24; Sat, 5 Jun 2021 11:20:49 +0000
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::9965:92dd:f5b:87a7]) by SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::9965:92dd:f5b:87a7%6]) with mapi id 15.20.4195.026; Sat, 5 Jun 2021 11:20:49 +0000
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Daniel Huigens <d.huigens@protonmail.com>
CC: "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] v5 in the crypto-refresh draft
Thread-Index: AQHXWQzuzdssG/TtVk6GhEyMb/dWfKsEF2UAgAEv9ww=
Date: Sat, 05 Jun 2021 11:20:48 +0000
Message-ID: <SY4PR01MB62516FFB629BC19330E9129CEE3A9@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <87lf7q6sh0.fsf@fifthhorseman.net>, <CehzUzKNsBcldCQuRadnyAgV7hLQR1cve61qHfJYP-_cTKGeKTAMVo1GUdmbIL0AumFM9-XizsIiI8KAZvs44WILEG3FbHxM6aSTk7tSGzg=@protonmail.com>
In-Reply-To: <CehzUzKNsBcldCQuRadnyAgV7hLQR1cve61qHfJYP-_cTKGeKTAMVo1GUdmbIL0AumFM9-XizsIiI8KAZvs44WILEG3FbHxM6aSTk7tSGzg=@protonmail.com>
Accept-Language: en-NZ, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [14.1.76.32]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2f70a140-5408-4e42-723c-08d92813f8a7
x-ms-traffictypediagnostic: SYCPR01MB4272:
x-microsoft-antispam-prvs: <SYCPR01MB4272B934AB8826B450F1AC15EE3A9@SYCPR01MB4272.ausprd01.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: NRD+9KVjZmixc+sHv9Q1EuDV3B/UCzLMv76XngUVkHczdPLfE9KMTIPZ16MmZnUyFlycQgkve3DSl5tx9AMG4wDahEO+4XnMwk9XYTmTpX8MKotBcpJOGD6ui0oGKO4yQLVGf6GQXqRiMiF9m/gE5wdJFyDtctdh3U1Mm6ujFnIkcFGEzm1rcjqfiiVisCSr+8vaaSzmxuJHGhBUMt6HJxGhBHAySODzzSzweWAJa/2GzyNXwY5Us0DXKvbKhWt1snlesAG7trkAtuu2glclc15CDFeooPgtM6+DtICAcVt6bVbOFV+kgcTDGkDbWjNYU0rIp0TCy3EjRrtzBIaLeHX7IrN54yO06IZwG/xsPvgldS+tLncGDhASQ3WlVsy3jm99AXPB6X1/a7yHi24SXqwCYNwk+KGBsPvhagpI2K/AtoYi/0gY8ajBsTDlx0fOVvA8h7Gdcs682OezP/I/qc9bWqj9By4T8NgRKYnsf5c/oTJG4HVstSxh/0OkpdaQStGO+8ugX3ep/k3SmalZRVJQoxMnPNTLnqQ7qp2iY7oDBrnsar4Yxyj8ktShAOTQ6QCSvwc5EQcbZzV80502V+lIvdsfr/MrzCRTtLZUIdk=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SY4PR01MB6251.ausprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(396003)(136003)(346002)(39860400002)(366004)(9686003)(26005)(7696005)(55016002)(86362001)(33656002)(4326008)(52536014)(478600001)(76116006)(38100700002)(66446008)(66476007)(64756008)(66556008)(2906002)(66946007)(71200400001)(6506007)(5660300002)(316002)(122000001)(786003)(186003)(110136005)(4744005)(8676002)(8936002); DIR:OUT; SFP:1101
x-ms-exchange-antispam-messagedata: 6HWC6tguhw9mqemgNl/YUoX1xppWcNLSG5gPR481LIe+mDj7k7PsiwnMpaz5vLG1tSe0rYGwaHenZAE4SeITcfPHA0+er+Pa9yu7SnQq4cpQa4OcIf8rb6XfI3iCY+atVeWWFVi3v1SKsGHMnfrmEyXcc8TvD6GzBZ5uSNH0q2fVQACI373ANfob7K4JA15Qkc0OxCRMYVrrV7Vgp0kVUfbjRtsp7Xw1xahnUtO0l5IbtXkE7L/NRMZRBmT8GrfoBubgQ3wzAQjA3/IP5Ysdl5bN7RoLeHbTQPERyLVhbRqGVHlWv2BMk4pacq0p6mWDrkGQ0FztbwqCxSr0QbQlWx/6pMAJdZT+mX+b8hibVnVAwcMEKoE6z1ZcSVakDYnSaC9FNg8c9jfbKAyhnDcayHbsaRgCCdzcSj+cz3bAa6HvyTdDBerBaP3i1DP5ykljp1bRWtidvtsc/JyScg7kkYTy4wrEAL7wY3fnzfyhqnNLkkm8h03c89tojWgd5eWgcHxi4uWXbV6GXUt/I43XtRM9PzKbEEn/mGA+tVTSffrLHtAc0va3He+lLaA/TJE/WlF/KvScNMNySlP0JFs0AQHbROLNJtQ6OsFDbijDGjGhtz7laAKpS2fusP8851mO1HD1PwKuDV8dt4zxzDhk9b/M5BfjHh2xqzGIxhYuo6J5s4bZzQmcASH1WZ1kybKZre8H9DV3GaJOiMvq9EbqJjfMeaVBKZ+O7TDRmgQwYQ7BA7HnwUzLxdR1YWe2Bf7q6HnnTyPzF+OeHlvjoTrqVKpWtLyplbXECdKqcVFvfmHo9GvBdzLohYMvcYnnii0i/bYMd0OEqszK+L+uZbqzvP2Hj2oarE/SlJGcuB6dK3T3m1/KfREaVlWUY5O02/gRSGuW3YbSjvve4cTajHrgEjCy1Eadk7Cb14UDbDDTMsBfB5bzv7oNuqOIu8TCg9YsIkAP3CASrfIIOLUpooRwPMAI0vkJDmB59UeLp/r92BCqjcbQJERJXtOk64qgZjKAN3QhLuAIjVF4Lp3EAlZOtzrLWGAqYfO9fs3sbCazRC1EFO1VCmDg9AFyESDbRawtOsMAIL+fzYm/kAdNXe3FLqt6Ean2GuS8ZLrYVPST7uuUa0ubz1viCrUrupbMMVOAKbelS8AOffUhRcBLnfMr5nKd7VgLjjR9q113ANn/xQMx8UJNbD9fPNRx34VZQS1QXIT2pmBnW124ZqZ6mGTpBloyWZ3UC8o186kS7rjpLB937TYhtxdSfwmdNCUYNEXLtVBoO1OQzZogLD5avYBoAmEFQxB5E7ARykKLnsmwJVE=
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SY4PR01MB6251.ausprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2f70a140-5408-4e42-723c-08d92813f8a7
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jun 2021 11:20:48.0842 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: qI2kP7T5x0uBXvZ6nRv6LhByLqtV3Sxc0odhxlRTUGRgQL753Fb7Ykg3RPUS2OTzzzAEQ46SXweVkdRjnOsx3O449EElF5Ccp84EtYcp/cE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYCPR01MB4272
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/UrPnPm-BlEDlUBdUDo3ZGLPSOwU>
Subject: Re: [openpgp] v5 in the crypto-refresh draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Jun 2021 11:21:08 -0000
Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org> writes: >As an alternative option, if the only goal is to fix SHA1 fingerprints, The first thing to do when "fixing" SHA1 fingerprints, meaning breaking all existing fingerprints on the planet, is to define what properties they need to have. I can't think of anything for which SHA-256 is OK but SHA-1 isn't, so before arbitrarily throwing SHA-256 in there we'd need to define what's needed for a fingerprint algorithm to see why -1 doesn't meet the requirements, and whether -256 does. To pre-empt the inevitable response, collision-resistance isn't a property that I can see is needed, given that X.509 and S/MIME have been using static text strings as IDs since before PGP existed without anyone finding vulnerabilities with them. A fingerprint algorithm is just a way of mapping a key to a fixed-length identifier, for which almost anything will do. Peter.
- [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Huigens
- Re: [openpgp] v5 in the crypto-refresh draft Michael Richardson
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Paul Wouters
- Re: [openpgp] v5 in the crypto-refresh draft Michael Richardson
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Paul Wouters
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Nickolay Olshevsky
- Re: [openpgp] v5 in the crypto-refresh draft Peter Pentchev
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Peter Pentchev
- Re: [openpgp] v5 in the crypto-refresh draft Michael Richardson
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Paul Wouters
- Re: [openpgp] v5 in the crypto-refresh draft Justus Winter
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor
- Re: [openpgp] v5 in the crypto-refresh draft Peter Gutmann
- Re: [openpgp] v5 in the crypto-refresh draft Daniel Kahn Gillmor