Re: [openpgp] v5 in the crypto-refresh draft

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 05 June 2021 11:21 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4872E3A1F6D for <openpgp@ietfa.amsl.com>; Sat, 5 Jun 2021 04:21:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ezrLinVxp6_w for <openpgp@ietfa.amsl.com>; Sat, 5 Jun 2021 04:21:04 -0700 (PDT)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [180.189.28.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A58273A1F6A for <openpgp@ietf.org>; Sat, 5 Jun 2021 04:21:03 -0700 (PDT)
Received: from AUS01-SY4-obe.outbound.protection.outlook.com (mail-sy4aus01lp2171.outbound.protection.outlook.com [104.47.71.171]) (Using TLS) by relay.mimecast.com with ESMTP id au-mta-89-jnXGeFGJOOGk55LA2qnl0w-1; Sat, 05 Jun 2021 21:20:54 +1000
X-MC-Unique: jnXGeFGJOOGk55LA2qnl0w-1
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com (2603:10c6:10:10b::10) by SYCPR01MB4272.ausprd01.prod.outlook.com (2603:10c6:10:41::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.24; Sat, 5 Jun 2021 11:20:49 +0000
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::9965:92dd:f5b:87a7]) by SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::9965:92dd:f5b:87a7%6]) with mapi id 15.20.4195.026; Sat, 5 Jun 2021 11:20:49 +0000
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Daniel Huigens <d.huigens@protonmail.com>
CC: "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] v5 in the crypto-refresh draft
Thread-Index: AQHXWQzuzdssG/TtVk6GhEyMb/dWfKsEF2UAgAEv9ww=
Date: Sat, 5 Jun 2021 11:20:48 +0000
Message-ID: <SY4PR01MB62516FFB629BC19330E9129CEE3A9@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <87lf7q6sh0.fsf@fifthhorseman.net>, <CehzUzKNsBcldCQuRadnyAgV7hLQR1cve61qHfJYP-_cTKGeKTAMVo1GUdmbIL0AumFM9-XizsIiI8KAZvs44WILEG3FbHxM6aSTk7tSGzg=@protonmail.com>
In-Reply-To: <CehzUzKNsBcldCQuRadnyAgV7hLQR1cve61qHfJYP-_cTKGeKTAMVo1GUdmbIL0AumFM9-XizsIiI8KAZvs44WILEG3FbHxM6aSTk7tSGzg=@protonmail.com>
Accept-Language: en-NZ, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [14.1.76.32]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2f70a140-5408-4e42-723c-08d92813f8a7
x-ms-traffictypediagnostic: SYCPR01MB4272:
x-microsoft-antispam-prvs: <SYCPR01MB4272B934AB8826B450F1AC15EE3A9@SYCPR01MB4272.ausprd01.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: NRD+9KVjZmixc+sHv9Q1EuDV3B/UCzLMv76XngUVkHczdPLfE9KMTIPZ16MmZnUyFlycQgkve3DSl5tx9AMG4wDahEO+4XnMwk9XYTmTpX8MKotBcpJOGD6ui0oGKO4yQLVGf6GQXqRiMiF9m/gE5wdJFyDtctdh3U1Mm6ujFnIkcFGEzm1rcjqfiiVisCSr+8vaaSzmxuJHGhBUMt6HJxGhBHAySODzzSzweWAJa/2GzyNXwY5Us0DXKvbKhWt1snlesAG7trkAtuu2glclc15CDFeooPgtM6+DtICAcVt6bVbOFV+kgcTDGkDbWjNYU0rIp0TCy3EjRrtzBIaLeHX7IrN54yO06IZwG/xsPvgldS+tLncGDhASQ3WlVsy3jm99AXPB6X1/a7yHi24SXqwCYNwk+KGBsPvhagpI2K/AtoYi/0gY8ajBsTDlx0fOVvA8h7Gdcs682OezP/I/qc9bWqj9By4T8NgRKYnsf5c/oTJG4HVstSxh/0OkpdaQStGO+8ugX3ep/k3SmalZRVJQoxMnPNTLnqQ7qp2iY7oDBrnsar4Yxyj8ktShAOTQ6QCSvwc5EQcbZzV80502V+lIvdsfr/MrzCRTtLZUIdk=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SY4PR01MB6251.ausprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(396003)(136003)(346002)(39860400002)(366004)(9686003)(26005)(7696005)(55016002)(86362001)(33656002)(4326008)(52536014)(478600001)(76116006)(38100700002)(66446008)(66476007)(64756008)(66556008)(2906002)(66946007)(71200400001)(6506007)(5660300002)(316002)(122000001)(786003)(186003)(110136005)(4744005)(8676002)(8936002); DIR:OUT; SFP:1101
x-ms-exchange-antispam-messagedata: =?iso-8859-1?Q?6HWC6tguhw9mqemgNl/YUoX1xppWcNLSG5gPR481LIe+mDj7k7PsiwnMpa?= =?iso-8859-1?Q?z5vLG1tSe0rYGwaHenZAE4SeITcfPHA0+er+Pa9yu7SnQq4cpQa4OcIf8r?= =?iso-8859-1?Q?b6XfI3iCY+atVeWWFVi3v1SKsGHMnfrmEyXcc8TvD6GzBZ5uSNH0q2fVQA?= =?iso-8859-1?Q?CI373ANfob7K4JA15Qkc0OxCRMYVrrV7Vgp0kVUfbjRtsp7Xw1xahnUtO0?= =?iso-8859-1?Q?l5IbtXkE7L/NRMZRBmT8GrfoBubgQ3wzAQjA3/IP5Ysdl5bN7RoLeHbTQP?= =?iso-8859-1?Q?ERyLVhbRqGVHlWv2BMk4pacq0p6mWDrkGQ0FztbwqCxSr0QbQlWx/6pMAJ?= =?iso-8859-1?Q?dZT+mX+b8hibVnVAwcMEKoE6z1ZcSVakDYnSaC9FNg8c9jfbKAyhnDcayH?= =?iso-8859-1?Q?bsaRgCCdzcSj+cz3bAa6HvyTdDBerBaP3i1DP5ykljp1bRWtidvtsc/JyS?= =?iso-8859-1?Q?cg7kkYTy4wrEAL7wY3fnzfyhqnNLkkm8h03c89tojWgd5eWgcHxi4uWXbV?= =?iso-8859-1?Q?6GXUt/I43XtRM9PzKbEEn/mGA+tVTSffrLHtAc0va3He+lLaA/TJE/WlF/?= =?iso-8859-1?Q?KvScNMNySlP0JFs0AQHbROLNJtQ6OsFDbijDGjGhtz7laAKpS2fusP8851?= =?iso-8859-1?Q?mO1HD1PwKuDV8dt4zxzDhk9b/M5BfjHh2xqzGIxhYuo6J5s4bZzQmcASH1?= =?iso-8859-1?Q?WZ1kybKZre8H9DV3GaJOiMvq9EbqJjfMeaVBKZ+O7TDRmgQwYQ7BA7HnwU?= =?iso-8859-1?Q?zLxdR1YWe2Bf7q6HnnTyPzF+OeHlvjoTrqVKpWtLyplbXECdKqcVFvfmHo?= =?iso-8859-1?Q?9GvBdzLohYMvcYnnii0i/bYMd0OEqszK+L+uZbqzvP2Hj2oarE/SlJGcuB?= =?iso-8859-1?Q?6dK3T3m1/KfREaVlWUY5O02/gRSGuW3YbSjvve4cTajHrgEjCy1Eadk7Cb?= =?iso-8859-1?Q?14UDbDDTMsBfB5bzv7oNuqOIu8TCg9YsIkAP3CASrfIIOLUpooRwPMAI0v?= =?iso-8859-1?Q?kJDmB59UeLp/r92BCqjcbQJERJXtOk64qgZjKAN3QhLuAIjVF4Lp3EAlZO?= =?iso-8859-1?Q?tzrLWGAqYfO9fs3sbCazRC1EFO1VCmDg9AFyESDbRawtOsMAIL+fzYm/kA?= =?iso-8859-1?Q?dNXe3FLqt6Ean2GuS8ZLrYVPST7uuUa0ubz1viCrUrupbMMVOAKbelS8AO?= =?iso-8859-1?Q?ffUhRcBLnfMr5nKd7VgLjjR9q113ANn/xQMx8UJNbD9fPNRx34VZQS1QXI?= =?iso-8859-1?Q?T2pmBnW124ZqZ6mGTpBloyWZ3UC8o186kS7rjpLB937TYhtxdSfwmdNCUY?= =?iso-8859-1?Q?NEXLtVBoO1OQzZogLD5avYBoAmEFQxB5E7ARykKLnsmwJVE=3D?=
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SY4PR01MB6251.ausprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2f70a140-5408-4e42-723c-08d92813f8a7
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jun 2021 11:20:48.0842 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: qI2kP7T5x0uBXvZ6nRv6LhByLqtV3Sxc0odhxlRTUGRgQL753Fb7Ykg3RPUS2OTzzzAEQ46SXweVkdRjnOsx3O449EElF5Ccp84EtYcp/cE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYCPR01MB4272
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/UrPnPm-BlEDlUBdUDo3ZGLPSOwU>
Subject: Re: [openpgp] v5 in the crypto-refresh draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Jun 2021 11:21:08 -0000

Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org> writes:

>As an alternative option, if the only goal is to fix SHA1 fingerprints,

The first thing to do when "fixing" SHA1 fingerprints, meaning breaking all
existing fingerprints on the planet, is to define what properties they need to
have.  I can't think of anything for which SHA-256 is OK but SHA-1 isn't, so
before arbitrarily throwing SHA-256 in there we'd need to define what's needed
for a fingerprint algorithm to see why -1 doesn't meet the requirements, and
whether -256 does.

To pre-empt the inevitable response, collision-resistance isn't a property
that I can see is needed, given that X.509 and S/MIME have been using static
text strings as IDs since before PGP existed without anyone finding
vulnerabilities with them.  A fingerprint algorithm is just a way of mapping a
key to a fixed-length identifier, for which almost anything will do.

Peter.