IETF Logo Mail Archive

Re: [openpgp] Algorithm-specific data: problems with Simple Octet Strings, and possible alternatives

Ángel <angel@16bits.net> Tue, 30 March 2021 23:28 UTC

Return-Path: <angel@16bits.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D76973A1572 for <openpgp@ietfa.amsl.com>; Tue, 30 Mar 2021 16:28:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cyl0egjweh_T for <openpgp@ietfa.amsl.com>; Tue, 30 Mar 2021 16:28:19 -0700 (PDT)
Received: from mail.direccionemail.com (mail.direccionemail.com [199.195.249.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFE853A1574 for <openpgp@ietf.org>; Tue, 30 Mar 2021 16:28:18 -0700 (PDT)
Message-ID: <94662237f3ae0ae5deacad3fa1a3dbec4b195d2a.camel@16bits.net>
From: Ángel <angel@16bits.net>
To: openpgp@ietf.org
Date: Wed, 31 Mar 2021 01:28:13 +0200
In-Reply-To: <87r1jypfbc.fsf@jumper.gniibe.org>
References: <87eeg42gti.fsf@fifthhorseman.net> <87im5ebfgf.fsf@iwagami.gniibe.org> <87r1jypfbc.fsf@jumper.gniibe.org>
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/c9bNcb6owh-N0bJHL9DOhgUA2hQ>
Subject: Re: [openpgp] Algorithm-specific data: problems with Simple Octet Strings, and possible alternatives
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Mar 2021 23:28:22 -0000

Thanks gniibe, I think this makes it clearer.

Naming it "the length of the SOS in bits" seems a bit confusing, so
perhaps better to refer differently to that.


> The important point here is: There are multiple interpretations of
> "the length of the SOS in bits".
> 
> This means that canonicalizing SOS representation is not defined by
> the SOS handling itself.

But you *do* need a canonical representation, as notedd by dkg

Seems easy to solve, though. When you a SOS like [00 02 01] or [00 08
01] specify it must be computed as its canonical representation
(i.e. [00 01 01]). Although I would prefer to just reject them as
malformed.

You would still need to support reading a SOS with zero removal and
without, switching between those depending on the algorithm (eek), but
those would be two different representations, not nine.


This specification of SOS would be backwards compatible to MPI in that
values without leading zeroes would have the same representation in MPI
and SOS, and SOS would support reading a MPI-encoded value.


Main problem seem to be the signatures, where you have multiple
MPI/SOS.
Maybe someone can test how the different implementations in the
interoperability test suite behave when seeing signatures by Alice
without zero removal?
Probably most of them will consider it broken, but explicitly knowing
that is probably be an interesting answer nevertheless.


Best regards

v2.23.0 | Report a Bug | By Email