Re: Question about MDC Packets

David Shaw <dshaw@jabberwocky.com> Mon, 22 July 2002 20:49 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA07975 for <openpgp-archive@odin.ietf.org>; Mon, 22 Jul 2002 16:49:53 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g6MKfr705580 for ietf-openpgp-bks; Mon, 22 Jul 2002 13:41:53 -0700 (PDT)
Received: from claude.kendall.akamai.com (akafire.akamai.com [65.202.32.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g6MKfqw05576 for <ietf-openpgp@imc.org>; Mon, 22 Jul 2002 13:41:52 -0700 (PDT)
Received: (from dshaw@localhost) by claude.kendall.akamai.com (8.11.6/8.11.6) id g6MKfkK15552 for ietf-openpgp@imc.org; Mon, 22 Jul 2002 16:41:46 -0400
Date: Mon, 22 Jul 2002 16:41:46 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Question about MDC Packets
Message-ID: <20020722204146.GI1301@akamai.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <Pine.LNX.4.30.QNWS.0207221205190.15110-100000@thetis.deor.org> <B961AFBC.5D18%jon@callas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <B961AFBC.5D18%jon@callas.org>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waxing Gibbous (97% of Full)
User-Agent: Mutt/1.5.1i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, Jul 22, 2002 at 12:49:00PM -0700, Jon Callas wrote:
> 
> On 7/22/02 12:10 PM, "Len Sassaman" <rabbi@quickie.net> wrote:
> 
> > In RFC 2440-bis5:5.13, it says:
> > 
> >  There is a corresponding feature in the features signature subpacket
> >  that denotes that an implementation can properly use this packet
> >  type. An implementation SHOULD NOT use this packet when encrypting
> >  to a recipient that does not state it can use this packet, and
> >  SHOULD prefer this to older Symmetrically Encrypted Data Packet when
> >  possible.
> > 
> > This doesn't, however, give any indication of what to do when using pure
> > symmetric encryption. What is the preferred behavior when symmetrically
> > encrypting a file using AES? Should an OpenPGP implementation use the MDC
> > by default?
> 
> Do you know anything about who is going to be decrypting it? Do you have
> some reasonable expectation they can understand it? If so, then yes.
> 
> There is nothing wrong with an implementation being somewhat weasely. If you
> make the guess that if someone wants to use AES, then the target is modern
> enough to understand an MDC, you'd probably be right. You could even
> convincingly harumph if someone does *not* use an MDC but went to the
> trouble to do AES.
> 
> Incidentally, it's important that people start using MDCs more.

FWIW, GnuPG does what Jon describes here and generates a MDC for AES
and TWOFISH.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g6MKfr705580 for ietf-openpgp-bks; Mon, 22 Jul 2002 13:41:53 -0700 (PDT)
Received: from claude.kendall.akamai.com (akafire.akamai.com [65.202.32.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g6MKfqw05576 for <ietf-openpgp@imc.org>rg>; Mon, 22 Jul 2002 13:41:52 -0700 (PDT)
Received: (from dshaw@localhost) by claude.kendall.akamai.com (8.11.6/8.11.6) id g6MKfkK15552 for ietf-openpgp@imc.org; Mon, 22 Jul 2002 16:41:46 -0400
Date: Mon, 22 Jul 2002 16:41:46 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Question about MDC Packets
Message-ID: <20020722204146.GI1301@akamai.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <Pine.LNX.4.30.QNWS.0207221205190.15110-100000@thetis.deor.org> <B961AFBC.5D18%jon@callas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <B961AFBC.5D18%jon@callas.org>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waxing Gibbous (97% of Full)
User-Agent: Mutt/1.5.1i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, Jul 22, 2002 at 12:49:00PM -0700, Jon Callas wrote:
> 
> On 7/22/02 12:10 PM, "Len Sassaman" <rabbi@quickie.net> wrote:
> 
> > In RFC 2440-bis5:5.13, it says:
> > 
> >  There is a corresponding feature in the features signature subpacket
> >  that denotes that an implementation can properly use this packet
> >  type. An implementation SHOULD NOT use this packet when encrypting
> >  to a recipient that does not state it can use this packet, and
> >  SHOULD prefer this to older Symmetrically Encrypted Data Packet when
> >  possible.
> > 
> > This doesn't, however, give any indication of what to do when using pure
> > symmetric encryption. What is the preferred behavior when symmetrically
> > encrypting a file using AES? Should an OpenPGP implementation use the MDC
> > by default?
> 
> Do you know anything about who is going to be decrypting it? Do you have
> some reasonable expectation they can understand it? If so, then yes.
> 
> There is nothing wrong with an implementation being somewhat weasely. If you
> make the guess that if someone wants to use AES, then the target is modern
> enough to understand an MDC, you'd probably be right. You could even
> convincingly harumph if someone does *not* use an MDC but went to the
> trouble to do AES.
> 
> Incidentally, it's important that people start using MDCs more.

FWIW, GnuPG does what Jon describes here and generates a MDC for AES
and TWOFISH.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g6MJmvV04410 for ietf-openpgp-bks; Mon, 22 Jul 2002 12:48:57 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g6MJmtw04406 for <ietf-openpgp@imc.org>rg>; Mon, 22 Jul 2002 12:48:55 -0700 (PDT)
Received: from [63.73.97.182] (63.73.97.182) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.1.2); Mon, 22 Jul 2002 12:48:53 -0700
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Mon, 22 Jul 2002 12:49:00 -0700
Subject: Re: Question about MDC Packets
From: Jon Callas <jon@callas.org>
To: Len Sassaman <rabbi@quickie.net>et>, OpenPGP <ietf-openpgp@imc.org>
Message-ID: <B961AFBC.5D18%jon@callas.org>
In-Reply-To: <Pine.LNX.4.30.QNWS.0207221205190.15110-100000@thetis.deor.org>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 7/22/02 12:10 PM, "Len Sassaman" <rabbi@quickie.net> wrote:

> In RFC 2440-bis5:5.13, it says:
> 
>  There is a corresponding feature in the features signature subpacket
>  that denotes that an implementation can properly use this packet
>  type. An implementation SHOULD NOT use this packet when encrypting
>  to a recipient that does not state it can use this packet, and
>  SHOULD prefer this to older Symmetrically Encrypted Data Packet when
>  possible.
> 
> This doesn't, however, give any indication of what to do when using pure
> symmetric encryption. What is the preferred behavior when symmetrically
> encrypting a file using AES? Should an OpenPGP implementation use the MDC
> by default?

Do you know anything about who is going to be decrypting it? Do you have
some reasonable expectation they can understand it? If so, then yes.

There is nothing wrong with an implementation being somewhat weasely. If you
make the guess that if someone wants to use AES, then the target is modern
enough to understand an MDC, you'd probably be right. You could even
convincingly harumph if someone does *not* use an MDC but went to the
trouble to do AES.

Incidentally, it's important that people start using MDCs more.

    Jon



Received: by above.proper.com (8.11.6/8.11.3) id g6MJAMf29966 for ietf-openpgp-bks; Mon, 22 Jul 2002 12:10:22 -0700 (PDT)
Received: from thetis.deor.org (thetis.deor.org [207.106.86.210]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g6MJAFw29947 for <ietf-openpgp@imc.org>rg>; Mon, 22 Jul 2002 12:10:19 -0700 (PDT)
Received: by thetis.deor.org (Postfix, from userid 500) id 82AFE45069; Mon, 22 Jul 2002 12:10:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by thetis.deor.org (Postfix) with ESMTP id 7059148026 for <ietf-openpgp@imc.org>rg>; Mon, 22 Jul 2002 12:10:10 -0700 (PDT)
Date: Mon, 22 Jul 2002 12:10:10 -0700 (PDT)
From: Len Sassaman <rabbi@quickie.net>
X-Sender:  <rabbi@thetis.deor.org>
To: <ietf-openpgp@imc.org>
Subject: Question about MDC Packets
Message-ID: <Pine.LNX.4.30.QNWS.0207221205190.15110-100000@thetis.deor.org>
X-AIM: Elom777
X-icq: 10735603
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

In RFC 2440-bis5:5.13, it says:

   There is a corresponding feature in the features signature subpacket
   that denotes that an implementation can properly use this packet
   type. An implementation SHOULD NOT use this packet when encrypting
   to a recipient that does not state it can use this packet, and
   SHOULD prefer this to older Symmetrically Encrypted Data Packet when
   possible.

This doesn't, however, give any indication of what to do when using pure
symmetric encryption. What is the preferred behavior when symmetrically
encrypting a file using AES? Should an OpenPGP implementation use the MDC
by default?


--Len.









Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g6FI7HY26366 for ietf-openpgp-bks; Mon, 15 Jul 2002 11:07:17 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g6FI7Gw26359 for <ietf-openpgp@imc.org>rg>; Mon, 15 Jul 2002 11:07:16 -0700 (PDT)
Received: from [169.254.115.243] (12.234.4.140) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.1.2); Mon, 15 Jul 2002 11:07:18 -0700
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Mon, 15 Jul 2002 11:07:32 -0700
Subject: Re: Is PGP Freeware v6.5.8 compatible with Windows XP? 
From: Jon Callas <jon@callas.org>
To: g kare <gkare@hotmail.com>om>, OpenPGP <ietf-openpgp@imc.org>
Message-ID: <B9585D74.57DD%jon@callas.org>
In-Reply-To: <F70OCii6NnIIJ7lWGj300011ae6@hotmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 7/15/02 10:13 AM, "g kare" <gkare@hotmail.com> wrote:

> Is PGP Freeware v6.5.8 compatible with Windows XP?
> 
> Thanks!

You should ask at <pgp-users@cryptorights.org>rg>. They handle user software.
This list is about the standard and protocol, not any of the actual products
like PGP or GPG.

    Jon



Received: by above.proper.com (8.11.6/8.11.3) id g6FHDE024330 for ietf-openpgp-bks; Mon, 15 Jul 2002 10:13:14 -0700 (PDT)
Received: from hotmail.com (f70.law10.hotmail.com [64.4.15.70]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g6FHDDw24325 for <ietf-openpgp@imc.org>rg>; Mon, 15 Jul 2002 10:13:13 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 15 Jul 2002 10:13:06 -0700
Received: from 64.81.200.66 by lw10fd.law10.hotmail.msn.com with HTTP; Mon, 15 Jul 2002 17:13:06 GMT
X-Originating-IP: [64.81.200.66]
From: "g kare" <gkare@hotmail.com>
To: ietf-openpgp@imc.org
Subject: Is PGP Freeware v6.5.8 compatible with Windows XP? 
Date: Mon, 15 Jul 2002 17:13:06 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F70OCii6NnIIJ7lWGj300011ae6@hotmail.com>
X-OriginalArrivalTime: 15 Jul 2002 17:13:06.0449 (UTC) FILETIME=[E2BF4010:01C22C22]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hello,

Is PGP Freeware v6.5.8 compatible with Windows XP?

Thanks!

Gary



_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g6CHo7c28250 for ietf-openpgp-bks; Fri, 12 Jul 2002 10:50:07 -0700 (PDT)
Received: from crystal.i-net.gr (foobar@afa4pc93.aua.gr [143.233.187.93]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g6CHo4w28241 for <ietf-openpgp@imc.org>rg>; Fri, 12 Jul 2002 10:50:04 -0700 (PDT)
Received: from nmav by crystal.i-net.gr with local (Exim 3.32 #1 (Debian)) id 17T4V3-0003ct-00 for <ietf-openpgp@imc.org>rg>; Fri, 12 Jul 2002 20:46:37 +0300
Date: Fri, 12 Jul 2002 13:26:11 +0300
From: Nikos Mavroyanopoulos <nmav@gnutls.org>
To: ietf-openpgp@imc.org, ietf-tls@lists.certicom.com
Subject: draft-ietf-tls-openpgp-keys
Message-ID: <20020712102611.GA1612@gnutls.org>
Mail-Followup-To: ietf-openpgp@imc.org, ietf-tls@lists.certicom.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
X-PGP-KeyID: B15C37D1
X-Request-PGP: finger:nmav@members.hellug.gr
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

 Currently we have two internet drafts that both describe a way to
use TLS with openpgp keys. The differences between them seem to be
artistic[0], and can be concluded to whether the extension mechanism
should be used, or new ciphersuites should be defined.

Now both of them have a working implementation, and this shows that
there is indeed interest in TLS with openpgp keys.


So I'd like to ask the TLS WG, if there are any objections against TLS with 
openpgp keys? Is there any interest to move any of these drafts to RFC
status?

If we decide that this functionality is needed and requested, we can proceed 
and choose which one to move. But I believe that this should be done later,
in a technical discussion.

Since the reason of not moving any of these drafts to RFC status was the 
lack of support, if you support any of these drafts, please express your 
support in the ietf-tls mailing list.


PS. the drafts can be found at:
http://www.ietf.org/internet-drafts/draft-ietf-tls-openpgp-02.txt
http://www.ietf.org/internet-drafts/draft-ietf-tls-openpgp-keys-01.txt


[0]. I have a strong objection against the keyID as used in the 
draft-ietf-tls-openpgp-02.txt, but this is rather technical and can
be discussed afterwards.

-- 
Nikos Mavroyanopoulos
mailto:nmav@gnutls.org


Received: by above.proper.com (8.11.6/8.11.3) id g62Duhb14845 for ietf-openpgp-bks; Tue, 2 Jul 2002 06:56:43 -0700 (PDT)
Received: from claude.kendall.akamai.com (walrus.ne.client2.attbi.com [65.96.217.88]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g62Dufw14837 for <ietf-openpgp@imc.org>rg>; Tue, 2 Jul 2002 06:56:41 -0700 (PDT)
Received: (from dshaw@localhost) by claude.kendall.akamai.com (8.11.6/8.11.6) id g62DuVK07245 for ietf-openpgp@imc.org; Tue, 2 Jul 2002 09:56:31 -0400
Date: Tue, 2 Jul 2002 09:56:31 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: How to handle photoID on keyserver?  (Re: photo support?)
Message-ID: <20020702135631.GA2359@akamai.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <200207020217.LAA29680@blue.h2np.net> <000f01c22185$20950800$c23fa8c0@transarc.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <000f01c22185$20950800$c23fa8c0@transarc.ibm.com>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waning Gibbous (55% of Full)
User-Agent: Mutt/1.5.1i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Tue, Jul 02, 2002 at 12:58:35AM -0400, Michael Young wrote:

> PGP doesn't use images anywhere near this size.  David Shaw
> suggested that GnuPG will accept any size image, but even so,
> I doubt that many people will attach such a large image
> to their key.  [I might suggest that GnuPG refuse large
> images by default, perhaps overridden with its "-expert" flag.]

GnuPG does something similar to this - any image over 6k is refused
unless the user confirms it.  (i.e. "This image is really large!  Are
you sure you want to use it?" and the default is "no")

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g624xDp02577 for ietf-openpgp-bks; Mon, 1 Jul 2002 21:59:13 -0700 (PDT)
Received: from smtprelay7.dc2.adelphia.net (smtprelay7.dc2.adelphia.net [64.8.50.39]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g624x1w02571 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 21:59:11 -0700 (PDT)
Received: from mwyoung ([24.48.51.230]) by smtprelay7.dc2.adelphia.net (Netscape Messaging Server 4.15 smtprelay7 Dec  7 2001 09:58:59) with SMTP id GYLV6C01.R49 for <ietf-openpgp@imc.org>rg>; Tue, 2 Jul 2002 00:59:00 -0400 
Message-ID: <000f01c22185$20950800$c23fa8c0@transarc.ibm.com>
From: "Michael Young" <mwy-opgp97@the-youngs.org>
To: <ietf-openpgp@imc.org>
References: <200207020217.LAA29680@blue.h2np.net>
Subject: Re: How to handle photoID on keyserver?  (Re: photo support?) 
Date: Tue, 2 Jul 2002 00:58:35 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Subject: Re: How to handle photoID on keyserver?  (Re: photo support?) 

PGP doesn't use images anywhere near this size.  David Shaw
suggested that GnuPG will accept any size image, but even so,
I doubt that many people will attach such a large image
to their key.  [I might suggest that GnuPG refuse large
images by default, perhaps overridden with its "-expert" flag.]

I'd also guess that a 3% usage rate is very high.  The vast
majority of the keys on the public servers don't have any
signatures (other than self-).

>   Someone who is not owner of that public key can put public key
>   with PhotoID into public keyserver.  And everyone can get someone's
>   public key with PhotoID.

Yes, anyone can post a key claiming any identity.  This is
really nothing new.

If you're worried about people attaching bogus identities to
established keys, your keyserver could reject those without
self-signatures.  (Most of the keyservers do no verification
at all right now, so this would be a significant change.)

And yes, you could reject photoID packets (and any associated
signatures) if you think size is a problem.  (Even if you
reject them, I would encourage you to leave them in your
sync stream to other keyservers, as they may have a more
permissive policy.)

> I mean if dump key size is 15GB, HDD size is required 60GB at least.

I'm curious as to why this would be.  I can understand some
blowup because of indexing structures, but since you aren't
indexing the photoID packets anyway, I wouldn't expect the
same factor you have now.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPSEy61MkvpTT8vCGEQIkYQCdEFBasKHCOGY8Avnh53CXDEbdLHcAn0Ff
LL+/kSzUo5R3jN1mXDBCcoco
=jAKp
-----END PGP SIGNATURE-----




Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g623q3900807 for ietf-openpgp-bks; Mon, 1 Jul 2002 20:52:03 -0700 (PDT)
Received: from claude.kendall.akamai.com (walrus.ne.client2.attbi.com [65.96.217.88]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g623q2w00803 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 20:52:02 -0700 (PDT)
Received: (from dshaw@localhost) by claude.kendall.akamai.com (8.11.6/8.11.6) id g623pwu01980 for ietf-openpgp@imc.org; Mon, 1 Jul 2002 23:51:58 -0400
Date: Mon, 1 Jul 2002 23:51:58 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: How to handle photoID on keyserver?  (Re: photo support?)
Message-ID: <20020702035158.GB1833@akamai.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <ilusn33qn5i.fsf@latte.josefsson.org> <200207020217.LAA29680@blue.h2np.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200207020217.LAA29680@blue.h2np.net>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waning Gibbous (56% of Full)
User-Agent: Mutt/1.5.1i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Tue, Jul 02, 2002 at 11:16:11AM +0900, Hironobu SUZUKI wrote:

> 2) Privacy issue:
> 
>   Someone who is not owner of that public key can put public key
>   with PhotoID into public keyserver.  And everyone can get someone's
>   public key with PhotoID.

Anyone can upload *any* public key to a keyserver or distribute it via
whatever means they like.  This is the same "risk" as someone
uploading a key with my email address on it.  If I do not want my
photograph (or email address, name, public key, etc.)  made public,
then... I should not make it public.

> I think that most OpenPGP users concern privacy issue.  Size issue
> become problem to some public keyserver sites.  From my experience,
> entire of storage size for handling public keysever may require 4
> times (or more) of whole of public keys. I mean if dump key size is
> 15GB, HDD size is required 60GB at least.
> 
> In my opinion, if public key with photoID is submitted public
> keyserver, public keyserver remove photoID and related signature
> packets and store the remains of packates into database.

Any keyserver operator is free to do this.  Conversely, any keyserver
operator is free to not do this.  Some keyservers have been storing
keys with photo IDs on them for years.  Some keyservers have been
removing photo IDs for years[1].

Where's the problem?

David

[1] Admittedly, pksd removes photo IDs because it doesn't understand
    them, and not due to a design choice, but the effect is the same.

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g622GAT28240 for ietf-openpgp-bks; Mon, 1 Jul 2002 19:16:10 -0700 (PDT)
Received: from blue.h2np.net (bule.h2np.net [210.145.219.253] (may be forged)) by above.proper.com (8.11.6/8.11.3) with ESMTP id g622G8w28235 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 19:16:09 -0700 (PDT)
Received: from mail.h2np.net (IDENT:hironobu@pc [192.168.1.10]) by blue.h2np.net (8.9.3/8.9.3) with ESMTP id LAA29680 for <ietf-openpgp@imc.org>rg>; Tue, 2 Jul 2002 11:17:11 +0900
Message-Id: <200207020217.LAA29680@blue.h2np.net>
From: Hironobu SUZUKI <hironobu@h2np.net>
To: ietf-openpgp@imc.org
Subject: How to handle photoID on keyserver?  (Re: photo support?) 
In-reply-to: Your message of "Mon, 01 Jul 2002 21:11:05 +0200." <ilusn33qn5i.fsf@latte.josefsson.org> 
Date: Tue, 02 Jul 2002 11:16:11 +0900
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hi, 

I have some questions about PhotoID  in public keyserver. 

  Note: public keyserver means "key server which is open to the
        public". 

  See also:
         http://galileo.spaceports.com/~jharris/keyserver.html


1) Size issue: 

  If 3% public keys have 1280 x 960 jpeg photo, Public keyserver will
  require storage area more than 13.7GB (at least).

   a) 1280 x 960 jpeg is used the default size of many digital camera.
   b) ((300 * 2^10) * (1.6 * 10^6 * 0.03)) / (2^30) = 13.732
   c) 1.6Mkeys have been submitted into current public keyserver
      and key dump size is almost 2GB.
   
2) Privacy issue:

  Someone who is not owner of that public key can put public key
  with PhotoID into public keyserver.  And everyone can get someone's
  public key with PhotoID.

I think that most OpenPGP users concern privacy issue.  Size issue
become problem to some public keyserver sites.  From my experience,
entire of storage size for handling public keysever may require 4
times (or more) of whole of public keys. I mean if dump key size is
15GB, HDD size is required 60GB at least.

In my opinion, if public key with photoID is submitted public
keyserver, public keyserver remove photoID and related signature
packets and store the remains of packates into database.

Regards,

-- 
Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g61LuOM17902 for ietf-openpgp-bks; Mon, 1 Jul 2002 14:56:24 -0700 (PDT)
Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g61LuMw17897 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 14:56:22 -0700 (PDT)
Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id RAA03920 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 17:44:05 -0400 (EDT)
Received: from mwyoung (dhcp-196-35.transarc.ibm.com [9.38.196.235]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id RAA29085 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 17:56:09 -0400 (EDT)
Message-ID: <010701c22149$f693b640$ebc42609@transarc.ibm.com>
From: "Michael Young" <mwy-opgp97@the-youngs.org>
To: <ietf-openpgp@imc.org>
References: <ilusn33qn5i.fsf@latte.josefsson.org> <OE50o8HKHT0cWL0Wu330000105e@hotmail.com>
Subject: Re: photo support?
Date: Mon, 1 Jul 2002 17:55:04 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Subject: Re: photo support?

From: "vedaal" <vedaal@hotmail.com>
> this can lead to an overburdening of servers with 'bloated' keys, with
> whatever someone may decide to want to 'store'.

This is hardly unique to the "photo ID" field.  It would be easy to "store"
arbitary content in:
    a notation subpacket in a valid signature;
    signature MPIs;
    user names; or, even
    public key MPIs.

It is impossible to prevent this sort of abuse without seriously impairing
legitimate use of the public keyservers.

One man's garbage is another man's key.

> it might be worthwhile to consider some maximal size for a recommended
> standard, which can be implemented by the servers
> refusing to accept a key greater than a certain size.

A size recommendation seems reasonable, as an implementation guideline.
A strict limit in the protocol seems most unreasonable.

This kind of restriction alone won't prevent abuse.  It's only the tip
of the iceberg.

Key servers owners can always implement any restrictive policy they
want.  I would urge them not to hack at specific small holes unless
there is an actual problem.  If a bug in a widely used implementation
were to start generating this sort of junk, then I might act.  But
that hasn't been a serious problem yet.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPSDPo1MkvpTT8vCGEQInywCfcAp6qIz2nxa9mmWBFXoXg73vV0YAn0L0
5Gv1fb05x7f2NwO3u2A+mG/1
=DIp+
-----END PGP SIGNATURE-----




Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g61LtWj17846 for ietf-openpgp-bks; Mon, 1 Jul 2002 14:55:32 -0700 (PDT)
Received: from claude.kendall.akamai.com (akafire.akamai.com [65.202.32.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g61LtVw17841 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 14:55:31 -0700 (PDT)
Received: (from dshaw@localhost) by claude.kendall.akamai.com (8.11.6/8.11.6) id g61LtQ621194 for ietf-openpgp@imc.org; Mon, 1 Jul 2002 17:55:26 -0400
Date: Mon, 1 Jul 2002 17:55:26 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: photo support?
Message-ID: <20020701215526.GD19461@akamai.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <ilusn33qn5i.fsf@latte.josefsson.org> <OE50o8HKHT0cWL0Wu330000105e@hotmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <OE50o8HKHT0cWL0Wu330000105e@hotmail.com>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waning Gibbous (58% of Full)
User-Agent: Mutt/1.5.1i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, Jul 01, 2002 at 03:49:24PM -0400, vedaal wrote:

> > Is there a standardized way to embed photos in OpenPGP keys?  Anyone
> > interested in writing such a standard?
> 
> as it is now, it is definitely 'different' for PGP and GnuPG.
> 
> PGP compresses the .jpg into the photo id, and does not export it when
> exporting the key.
> 
> GnuPG leaves the .jpg intact as added by the user, and exports it intact as
> part of the .asc
> 
> if PGP downloads a public key with a photo id, that was generated by GnuPG,
> it will export a photo as part of the .asc, but 'altered/compressed'.
> the exported .asc of the public key will be different than the exported .asc
> of the GnuPG key.

Altered or compressed in what way?  If PGP changes the photo, then it
would break all signatures on the photo ID.

PGP does alter the photo when you paste it in (converts it to jpeg and
shrinks it), but once it's in the key, it does not change it.  GnuPG
requires a jpeg from the user and does not change it.  Either of these
is fine, since the spec says nothing about what happens to the photo
before it is placed into the key.

It does not matter if the ascii-armored representation of the key is
different between GnuPG and PGP.  This does not necessarily mean that
the photo has been changed.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g61L8Je15293 for ietf-openpgp-bks; Mon, 1 Jul 2002 14:08:19 -0700 (PDT)
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g61L8Iw15289 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 14:08:18 -0700 (PDT)
Received: (from hal@localhost) by finney.org (8.11.6/8.11.6) id g61KvSc20684; Mon, 1 Jul 2002 13:57:28 -0700
Date: Mon, 1 Jul 2002 13:57:28 -0700
From: "Hal Finney" <hal@finney.org>
Message-Id: <200207012057.g61KvSc20684@finney.org>
To: ietf-openpgp@imc.org, vedaal@hotmail.com
Subject: Re: photo support?
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Vedaal writes:
> if PGP downloads a public key with a photo id, that was generated by GnuPG,
> it will export a photo as part of the .asc, but 'altered/compressed'.
> the exported .asc of the public key will be different than the exported .asc
> of the GnuPG key.

I don't think it re-compresses the JPEG, I'm not aware of any code that
would do that.  However it is possible that there is some incompatibility
between GPG and PGP in the handling of photo IDs.  Can you provide me
with a GPG-created key with a photo ID, and I will see what happens to
it with PGP.

Hal Finney


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g61L6vI15258 for ietf-openpgp-bks; Mon, 1 Jul 2002 14:06:57 -0700 (PDT)
Received: from claude.kendall.akamai.com (akafire.akamai.com [65.202.32.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g61L6uw15254 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 14:06:56 -0700 (PDT)
Received: (from dshaw@localhost) by claude.kendall.akamai.com (8.11.6/8.11.6) id g61L6rP19354 for ietf-openpgp@imc.org; Mon, 1 Jul 2002 17:06:53 -0400
Date: Mon, 1 Jul 2002 17:06:53 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: photo support?
Message-ID: <20020701210653.GA19242@akamai.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <ilusn33qn5i.fsf@latte.josefsson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ilusn33qn5i.fsf@latte.josefsson.org>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waning Gibbous (58% of Full)
User-Agent: Mutt/1.5.1i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, Jul 01, 2002 at 09:11:05PM +0200, Simon Josefsson wrote:
> 
> Is there a standardized way to embed photos in OpenPGP keys?

Yes.  I documented the existing PGP method for the latest 2440bis
draft.  Both PGP and GnuPG use this method.

It is actually a very general "embed anything" system.  Photos are
just the only currently defined attribute to be embedded.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g61KhSe14356 for ietf-openpgp-bks; Mon, 1 Jul 2002 13:43:28 -0700 (PDT)
Received: from hotmail.com (oe50.law3.hotmail.com [209.185.240.218]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g61KhQw14352 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 13:43:26 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 1 Jul 2002 13:43:24 -0700
X-Originating-IP: [207.127.12.210]
From: "vedaal" <vedaal@hotmail.com>
To: <ietf-openpgp@imc.org>
References: <ilusn33qn5i.fsf@latte.josefsson.org>
Subject: Re: photo support?
Date: Mon, 1 Jul 2002 15:49:24 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Message-ID: <OE50o8HKHT0cWL0Wu330000105e@hotmail.com>
X-OriginalArrivalTime: 01 Jul 2002 20:43:24.0484 (UTC) FILETIME=[F1E61840:01C2213F]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

----- Original Message -----
From: "Simon Josefsson" <jas@extundo.com>
To: <ietf-openpgp@imc.org>
Sent: Monday, July 01, 2002 3:11 PM
Subject: photo support?

> Is there a standardized way to embed photos in OpenPGP keys?  Anyone
> interested in writing such a standard?

as it is now, it is definitely 'different' for PGP and GnuPG.

PGP compresses the .jpg into the photo id, and does not export it when
exporting the key.

GnuPG leaves the .jpg intact as added by the user, and exports it intact as
part of the .asc

if PGP downloads a public key with a photo id, that was generated by GnuPG,
it will export a photo as part of the .asc, but 'altered/compressed'.
the exported .asc of the public key will be different than the exported .asc
of the GnuPG key.

as a side-issue,
since the .jpg of a GnuPG generated photo-id is left intact,
it is possible to steganographically embed data within the key id photo
which can be retrieved intact from anywhere by downloading the key from an
ldap server.

it is possible to store a conventionally encrypted pgp file containing a
revocation certificate and passphrase for the key, and still have the .jpg
size at 4k,

but it is also possible to store the private key too, but with a .jpg
carrier size of 20 k.

this can lead to an overburdening of servers with 'bloated' keys, with
whatever someone may decide to want to 'store'.

it might be worthwhile to consider some maximal size for a recommended
standard, which can be implemented by the servers
refusing to accept a key greater than a certain size.

a reasonable size would be the size of existing typical keys with photo
id's, with a .jpg size of 4k.
{for illustration purposes, PRZ's photo size is 3.7k}

vedaal



Received: by above.proper.com (8.11.6/8.11.3) id g61JB7u07575 for ietf-openpgp-bks; Mon, 1 Jul 2002 12:11:07 -0700 (PDT)
Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g61JB3w07560 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 12:11:04 -0700 (PDT)
Received: from latte (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.12.5/8.12.5) with ESMTP id g61JB46w014182 for <ietf-openpgp@imc.org>rg>; Mon, 1 Jul 2002 21:11:04 +0200
To: ietf-openpgp@imc.org
Subject: photo support?
X-Hashcash: 020701:ietf-openpgp@imc.org:6e738e26c3377744
From: Simon Josefsson <jas@extundo.com>
Date: Mon, 01 Jul 2002 21:11:05 +0200
Message-ID: <ilusn33qn5i.fsf@latte.josefsson.org>
Lines: 2
User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.2 (i386-debian-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Is there a standardized way to embed photos in OpenPGP keys?  Anyone
interested in writing such a standard?