Re: [openpgp] New fingerprint: to v5 or not to v5
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 29 September 2015 18:40 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B5411B4AB3 for <openpgp@ietfa.amsl.com>; Tue, 29 Sep 2015 11:40:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g9cuEC2k72BX for <openpgp@ietfa.amsl.com>; Tue, 29 Sep 2015 11:40:42 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id DB3631B4AB2 for <openpgp@ietf.org>; Tue, 29 Sep 2015 11:40:41 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 8D34CF984; Tue, 29 Sep 2015 14:40:39 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id CB0C82005C; Tue, 29 Sep 2015 14:40:11 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Werner Koch <wk@gnupg.org>, IETF OpenPGP <openpgp@ietf.org>
In-Reply-To: <878u84zy4r.fsf@vigenere.g10code.de>
References: <878u84zy4r.fsf@vigenere.g10code.de>
User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Tue, 29 Sep 2015 14:40:11 -0400
Message-ID: <87fv1xxe5w.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/V-ySSNtNWcDuet2oFTIZU0yKwls>
Subject: Re: [openpgp] New fingerprint: to v5 or not to v5
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2015 18:40:43 -0000
On Thu 2015-09-17 14:41:56 -0400, Werner Koch <wk@gnupg.org> wrote: > If we want to introduce a, say, SHA-256 fingerprint, the straightforward > way is to define a v5 key packet format which will be identical to the > v4 format with the exception of the packet version number (and maybe > rules on what algorithms to use with a v5 key) [1]. Thanks for raising these points, Werner. It should be straightforward to take the key material from an existing v4 key and wrap it in a v5 packet, thereby producing a "new key" that's actually the "same key". So claiming that key material can only be used as *either* v4 or v5 wouldn't quite be correct. The difference here is that existing OpenPGP certifications made against the key wrapped in v4 public key packet won't be applied to the "new" v5 public key. Similarly, existing revocations or rejections of the old key won't be applied to the "new" key. That is, the same key material presented as a new version is effectively treated as a distinct key no matter what. i personally find the argument about wanting bijectivity pretty compelling. If we can say with confidence that one OpenPGP object has exactly one fingerprint format to use, that should greatly simplify matching and verification. So far, all responses in this thread have been in favor of coupling the version with the fingerprint choice. Does anyone in the WG want to speak against this, or should we treat it as a conclusive and move forward on that basis? --dkg
- [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 vedaal
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
- Re: [openpgp] New fingerprint: to v5 or not to v5 Simon Josefsson
- Re: [openpgp] New fingerprint: to v5 or not to v5 Daniel Kahn Gillmor
- Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
- Re: [openpgp] New fingerprint: to v5 or not to v5 Daniel A. Nagy
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: which hash algo (w… Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Watson Ladd
- Re: [openpgp] New fingerprint: to v5 or not to v5 Phillip Hallam-Baker
- Re: [openpgp] New fingerprint: which hash algo (w… Tom Ritter
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Mark D. Baushke
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
- Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: which hash algo (w… Simon Josefsson
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: which hash algo ianG
- Re: [openpgp] New fingerprint: which hash algo vedaal
- Re: [openpgp] New fingerprint: which hash algo Steve Pointer
- Re: [openpgp] New fingerprint: which hash algo Alessandro Barenghi
- Re: [openpgp] New fingerprint: which hash algo Robert J. Hansen
- Re: [openpgp] New fingerprint: to v5 or not to v5 Daniel Kahn Gillmor
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 Jonathan McDowell
- Re: [openpgp] New fingerprint: to v5 or not to v5 Nicholas Cole
- Re: [openpgp] New fingerprint: to v5 or not to v5 Vincent Breitmoser
- Re: [openpgp] New fingerprint: which hash algo Daniel A. Nagy
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 Watson Ladd
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: which hash algo Phillip Hallam-Baker
- Re: [openpgp] New fingerprint: which hash algo ianG
- Re: [openpgp] New fingerprint: which hash algo Daniel Kahn Gillmor
- Re: [openpgp] New fingerprint: which hash algo Phillip Hallam-Baker