Re: [openpgp] v5 fingerprints in ECDH
Paul Wouters <paul@nohats.ca> Sun, 28 February 2021 17:15 UTC
Date: Sun, 28 Feb 2021 12:15:13 -0500 (EST)
From: Paul Wouters <paul@nohats.ca>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
cc: openpgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/bYstQNOb_pamjj_36e1A7TfLGtg>

On Sat, 27 Feb 2021, brian m. carlson wrote:

> I noticed for v5 fingerprints we hash only the left 20 octets in the
> ECDH KDF:
>
>    20 octets representing a recipient encryption subkey or a master
>    key fingerprint, identifying the key material that is needed for
>    the decryption. For version 5 keys the 20 leftmost octets of the
>    fingerprint are used.
>
> Absent a compelling reason, I'd prefer to see the entire fingerprint
> used. It doesn't make sense to define a fingerprint that's 32 octets
> and then truncate it to 20 octets in some cases. At that point, we're
> relying on the collision resistance of a different algorithm, not
> SHA-256, and decreasing the security level to below 128 bits.
>
> Note that if we do this, we'll need to update the text above and below
> to reflect that the sizes are not invariant.

I think whether or not this change can still be made depends on what
has already been implemented. That is, are we describing what is
already out there, or is this something new?

If it is new, then this issue is worth getting consensus on.

Can implementors share some light on this? Does anyone remember the
origin of only using 20 octets and not all octets?

Paul
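
The truncation under discussion, as an added example that is not part of the original message or of any OpenPGP implementation: it builds the ECDH KDF parameter block in the RFC 6637 layout for curve P-256 and derives the key-encryption key with the 20 leftmost octets of a 32-octet fingerprint and, for comparison, with all 32 octets. The fingerprints and shared secret are constructed sample values, and the function names and the `full` switch are assumptions made for illustration.

```python
import hashlib

# Field values from RFC 6637 (sections 7, 8 and 11).
CURVE_P256_OID = bytes.fromhex("2A8648CE3D030107")
PK_ALGO_ECDH = 18
HASH_SHA256 = 8
SYM_AES128 = 7
ANON_SENDER = b"Anonymous Sender    "  # fixed 20-octet string

# Constructed sample data: two different 32-octet "v5-style" fingerprints
# that share their 20 leftmost octets, and a stand-in ECDH shared secret.
FP_A = hashlib.sha256(b"constructed v5 key A").digest()
FP_B = FP_A[:20] + bytes(b ^ 0xFF for b in FP_A[20:])
SHARED_X = hashlib.sha256(b"constructed shared point").digest()


def kdf_param(fingerprint: bytes, full: bool = False) -> bytes:
    """Build the KDF Param block; full=True is the hypothetical
    'use the entire fingerprint' variant proposed in the thread."""
    fp = fingerprint if full else fingerprint[:20]
    return (bytes([len(CURVE_P256_OID)]) + CURVE_P256_OID
            + bytes([PK_ALGO_ECDH])
            + bytes([0x03, 0x01, HASH_SHA256, SYM_AES128])
            + ANON_SENDER + fp)


def ecdh_kek(shared_x: bytes, param: bytes) -> bytes:
    """KEK = leftmost 16 octets of SHA-256(00 00 00 01 || ZB || Param)."""
    digest = hashlib.sha256(b"\x00\x00\x00\x01" + shared_x + param).digest()
    return digest[:16]  # AES-128 key size


def compare_bindings():
    """Return (truncated KEKs equal?, full-fingerprint KEKs equal?)."""
    trunc_equal = (ecdh_kek(SHARED_X, kdf_param(FP_A))
                   == ecdh_kek(SHARED_X, kdf_param(FP_B)))
    full_equal = (ecdh_kek(SHARED_X, kdf_param(FP_A, full=True))
                  == ecdh_kek(SHARED_X, kdf_param(FP_B, full=True)))
    return trunc_equal, full_equal


if __name__ == "__main__":
    print(len(kdf_param(FP_A)), len(kdf_param(FP_A, full=True)))
    print(compare_bindings())
```

With truncation the derived key depends on only 160 bits of the fingerprint, and switching to the full fingerprint changes the parameter block length, which is the "sizes are not invariant" point in the quoted message.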