Re: [openpgp] Fingerprint requirements for OpenPGP
Derek Atkins <derek@ihtfp.com> Wed, 13 April 2016 14:28 UTC
Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C077012DDC2 for <openpgp@ietfa.amsl.com>; Wed, 13 Apr 2016 07:28:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LZZy4QMZlUTk for <openpgp@ietfa.amsl.com>; Wed, 13 Apr 2016 07:28:01 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 012D112DDB5 for <openpgp@ietf.org>; Wed, 13 Apr 2016 07:28:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 61DA9E2036; Wed, 13 Apr 2016 10:26:51 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 25547-05; Wed, 13 Apr 2016 10:26:37 -0400 (EDT)
Received: from securerf.ihtfp.org (tacc-24-54-172-229.smartcity.com [24.54.172.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id 56A96E2039; Wed, 13 Apr 2016 10:26:35 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1460557596; bh=+kl3WXgLX6ziCLebBHYaxASbSnfQhTo8WG/+4MZ/1u4=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=YoR1T8M/ocSUBjZOXa2zqyVdaGood9zDnBSTrY3hDRpazL1pVI5s4Ircshidhv/3r xunowgUe7dbEcGPivIZygm5y7V0Dl+DEtRlwW6Ini0AKYZ088VIJhsrSfODjhYNImT zIyAXSXpPOgBJKym7bea7YHue91X9Qd4SiuUWX18=
Received: (from warlord@localhost) by securerf.ihtfp.org (8.15.2/8.14.8/Submit) id u3DER5B0026678; Wed, 13 Apr 2016 10:27:05 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Derek Atkins <derek@ihtfp.com>
References: <87vb3nslqh.fsf@alice.fifthhorseman.net> <sjmbn5e3na2.fsf@securerf.ihtfp.org> <87d1pug303.fsf@wheatstone.g10code.de> <85d83d5bac518c53d7a78d5d049a73ed.squirrel@mail2.ihtfp.org> <87wpo2ehch.fsf@wheatstone.g10code.de>
Date: Wed, 13 Apr 2016 10:27:04 -0400
In-Reply-To: <87wpo2ehch.fsf@wheatstone.g10code.de> (Werner Koch's message of "Tue, 12 Apr 2016 21:51:10 +0200")
Message-ID: <sjmk2k11t53.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/WT4tnmnhj1Cap8t8MKa4nWY3QzE>
Cc: IETF OpenPGP <openpgp@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] Fingerprint requirements for OpenPGP
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Apr 2016 14:28:03 -0000
Werner, Werner Koch <wk@gnupg.org> writes: > On Tue, 12 Apr 2016 19:44, derek@ihtfp.com said: > >> This would fall under an "internal DB Identifier." DKG called that out of >> scope for this discussion topic. > > It is not "internal" because it is part of the OpenPGP protocol > (Signature Packet) and thus visible by all who are verifying a > signature. > > I define "internal" as a property of the implementation - maybe this is > the misunderstanding. Probably. To me the key part of "internal" means "a human never sees it". I'm considering "internal" to be "in the data formats", which can be used between implementations and not just within a single implementation. >> There is no human in the loop here. That means it does not need to be >> "the same" as the user-visible "fingerprint". > > Need not, right. But adding yet another identifier to a key only leads > to more confusion and more complex error handling. I do not expect that > you want OpenPGP to repeat the error made by X.509. We already, to some degree, have that issue. There's the keyID and there's the fingerprint. They are different (although with v4 one is derived from the other). I think we need to step back again and keep in mind that the (human) authenticaton fingerprint may (should?) be different from the (internal or external) database identifer string. > Salam-Shalom, > > Werner -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
- [openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
- Re: [openpgp] Fingerprint requirements for OpenPGP Vincent Breitmoser
- Re: [openpgp] Fingerprint requirements for OpenPGP Joseph Lorenzo Hall
- Re: [openpgp] Fingerprint requirements for OpenPGP Vincent Breitmoser
- Re: [openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
- Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
- Re: [openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
- Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
- Re: [openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
- Re: [openpgp] Fingerprint requirements for OpenPGP Salz, Rich
- Re: [openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
- Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
- Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
- Re: [openpgp] Fingerprint requirements for OpenPGP KellerFuchs
- Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
- Re: [openpgp] Fingerprint requirements for OpenPGP Jon Callas
- [openpgp] proof-of-work fingerprints [was: Re: Fi… Daniel Kahn Gillmor
- Re: [openpgp] Fingerprint requirements for OpenPGP Daniel Kahn Gillmor
- Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
- Re: [openpgp] Fingerprint requirements for OpenPGP Bill Frantz
- Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
- Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
- Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
- Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
- Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
- Re: [openpgp] Fingerprint requirements for OpenPGP Joseph Lorenzo Hall
- Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
- Re: [openpgp] Fingerprint requirements for OpenPGP Werner Koch
- Re: [openpgp] Fingerprint requirements for OpenPGP Vincent Breitmoser
- Re: [openpgp] Fingerprint requirements for OpenPGP Joseph Lorenzo Hall
- Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
- Re: [openpgp] Fingerprint requirements for OpenPGP Derek Atkins
- Re: [openpgp] Fingerprint requirements for OpenPGP Joseph Lorenzo Hall
- Re: [openpgp] Fingerprint requirements for OpenPGP Phillip Hallam-Baker
- Re: [openpgp] proof-of-work fingerprints [was: Re… Phillip Hallam-Baker
- Re: [openpgp] proof-of-work fingerprints [was: Re… Phillip Hallam-Baker