IETF Logo Mail Archive

Re: [openpgp] Fingerprints

Derek Atkins <derek@ihtfp.com> Mon, 20 April 2015 15:17 UTC

Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3914F1B2EC8 for <openpgp@ietfa.amsl.com>; Mon, 20 Apr 2015 08:17:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4T_J4bRcD1fr for <openpgp@ietfa.amsl.com>; Mon, 20 Apr 2015 08:17:28 -0700 (PDT)
Received: from mail2.ihtfp.org (mail2.ihtfp.org [IPv6:2001:4830:143:1::3a11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0D6A1B2EC7 for <openpgp@ietf.org>; Mon, 20 Apr 2015 08:17:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 14003E2038; Mon, 20 Apr 2015 11:17:27 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 06068-06; Mon, 20 Apr 2015 11:17:24 -0400 (EDT)
Received: from securerf.ihtfp.org (unknown [IPv6:fe80::ea2a:eaff:fe7d:235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id D8CD8E2035; Mon, 20 Apr 2015 11:17:24 -0400 (EDT)
Received: (from warlord@localhost) by securerf.ihtfp.org (8.14.8/8.14.8/Submit) id t3KFHN84020704; Mon, 20 Apr 2015 11:17:23 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com> <87d232lkb6.fsf@alice.fifthhorseman.net>
Date: Mon, 20 Apr 2015 11:17:22 -0400
In-Reply-To: <87d232lkb6.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Fri, 17 Apr 2015 13:46:21 -0400")
Message-ID: <sjmlhhmakxp.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/XDgjaeSNC995Jj5SqLrna9Kw7ig>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2015 15:17:32 -0000

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> Here's my attempt at clarification for why i find myself in this
> position:
>
> As an exercise, i tried to write down all the places that i expect
> fingerprints to be useful.  Perhaps surprisingly, i think there are not
> that many good use cases for fingerprints.  I came up with:
>
>  0) keyserver lookup -- Finding or retrieving a key on the basis of a
>     fingerprint.  If you have hte fingerprint, you should be able to get
>     a copy of the key.
>
>  1) key verification -- I have a copy of a key that i think might be
>     yours, and i want to confirm that it's yours without a mechanized
>     byte-for-byte comparison of the entire key.  This covers the "put it
>     on a slip of paper for out-of-band confirmation" use case.
>
> Are there actually any other use cases for the fingerprint?

Specified Revokers use the (binary) full fingerprint, not the
(truncated) keyID.

> Truncated fingerprints (which we call keyids) are also used in some
> workflows, for example, by some tools to provide a human-accessible
> handle for the key.  I don't think this is appropriate, as i've argued
> elsewhere:
>
>  https://www.debian-administration.org/users/dkg/weblog/105

It's important to have a keyserver API to lookup a key based on the
keyID in a signature.

> I should also be clear: i *don't* think we want a many different
> fingerprint variants.  I actually don't think we want more than one for
> OpenPGPv5.  And i don't think we should choose a design that will
> encourage people to pick their favorite fingerprint algorithm.
>
> Fingerprints are useful because everyone uses the same one.  I don't
> want to put have to two v5 fingerprints on my business card for the same
> key to satisfy two different fingerprint camps.  the transition period
> where i need a v4 fingerprint and a v5 fingerprint is going to be bad
> enough, let's not make that persistent.  If i put one form of a v5
> fingerprint on mine, and you put another, then any implementation that
> copes with them (keyservers; manual verifiers) will have to understand
> and work with them both.
>
>
> The fingerprint decisions i made came from these factors:
>
>  * version detection: how do we know that this is fingerprint format X?

Leading byte with the FPVNo.  (FingerPrint Version Number)

>  * truncation: how long is the fingerprint?  Is it acceptable to
>    truncate further?  If so, by how much?  Werner's note is also
>    relevant here as we move to ECC keys:
>
>      > Short fingerprints are important; if they are getting too long
>      > they won't serve a purpose because the public key could be used
>      > directly.
>
>    If we use a 256-bit fingerprint for a 255-bit curve25519 key, what's
>    the point?
>
>  * digest algorithm; we need preimage resistance; we do not need
>    collision resistance.

So you're saying we can stick with SHA1?  ;)

>  * what material gets digested; at a minmum, this is:
>     - the algorithm for the key (incl. any parameters)
>     - public key values (mpi's, bitstrings)
>       it's not clear to me that there is any advantage to adding
>       anything else here.

I still believe that the creation time (and key expiration time, if it
exists) should be included.

>  * what structure is used to frame the material before digest; v4 uses
>    an approximation of the public key packet format as a framing device,
>    but this ends up including the creation date.  we could use the ASN.1
>    SubjectPublicKeyInfo format (as phb suggests), though some people are
>    (probably understandably) allergic to ASN.1.  Or we could make up our
>    own structure, yuck!

Personally I like the current framing (because I do believe the creation
date should be included).

>  * human-representable form of the digest: e.g. hex, base32, common
>    hyphenation patterns, etc.  there are legibility/usability factors
>    here that i don't know enough to comment on.

I prefer either hex or base32.

> Did i miss any factors?
>
>     --dkg

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

v2.23.0 | Report a Bug | By Email