Re: [openpgp] Revocations of third-party certifications (TPK+"CRL") [was: draft-dkg-openpgp-abuse-resistant-keystore-04.txt]
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 26 August 2019 18:43 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45D361200FF for <openpgp@ietfa.amsl.com>; Mon, 26 Aug 2019 11:43:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=BBQpov7s; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=gLV/jn7m
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RKyR6qcOjTk7 for <openpgp@ietfa.amsl.com>; Mon, 26 Aug 2019 11:43:21 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 519A1120C47 for <openpgp@ietf.org>; Mon, 26 Aug 2019 11:43:21 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1566845000; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=Hj3UNKFYw2U3dMGpXMGgG0OJYQ9NgQQp7m4Rm4lBDcc=; b=BBQpov7suNZ1DC4vXCiwYYfex4jCt9Vyw3WWHnoCf/x0yYRwOqJ4oRS8 r2WRWpgL3cMVPGmkOEFjm5to+TdiAQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1566845000; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=Hj3UNKFYw2U3dMGpXMGgG0OJYQ9NgQQp7m4Rm4lBDcc=; b=gLV/jn7m5Z/6/9TiwBSpQOzuqW6nHHb5/dCbmeBDmomzMzPVyS9jl7lv HB7fV0LB359Ed59RKwfAjGHYRzl8HcCAHUVv5DYOY7HQoaugK3csFgt7pt ePeuQX6BdzSHLm/sa2ay99MdUv3S0TCSYakSTJLvSI24fLOYSgYt1Bn/AF U41H+O/8SnZb3Ko3PdNkSEYoSKh5lUhv1HsLzbUi8NBJX5I5qw/loY4R2+ PweQi8o7eI42/Z4YO6krTEad0QupnoK6axhWO03rJDv/h/y6S9PJIwTtRy us+SQRwLyef8g4pyckdcMe4LYlmJIbCNsr16kXaKbXedhylFrVJJKw==
Received: from fifthhorseman.net (unknown [IPv6:2001:470:1f07:60d:c41:39ff:fef3:974f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id F3B87F99D; Mon, 26 Aug 2019 14:43:19 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 2915020299; Mon, 26 Aug 2019 14:43:16 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: openpgp@ietf.org
In-Reply-To: <20190826071911.GE84368@kduck.mit.edu>
References: <156650274021.14785.10325255315266801149.idtracker@ietfa.amsl.com> <875zmodi1v.fsf@fifthhorseman.net> <8736hsdfm4.fsf@fifthhorseman.net> <20190826071911.GE84368@kduck.mit.edu>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw==
Date: Mon, 26 Aug 2019 14:43:15 -0400
Message-ID: <87blwbbwe4.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/cF7mOSurEd6xulB3Hohm3Uw-5vo>
Subject: Re: [openpgp] Revocations of third-party certifications (TPK+"CRL") [was: draft-dkg-openpgp-abuse-resistant-keystore-04.txt]
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Aug 2019 18:43:24 -0000
On Mon 2019-08-26 02:19:12 -0500, Benjamin Kaduk wrote: > On Thu, Aug 22, 2019 at 06:01:23PM -0400, Daniel Kahn Gillmor wrote: >> Note that this only works if there is a well-established convention >> about what digest algorithm to use. I don't want to keep a SHA256 and a >> SHA512 and a blake2b index of all the certifications i know about. Note >> also that SHA256 isn't used here for strong cryptographic purposes -- >> it's just a hash table indexer. > > This sounds an awful lot like (my understanding of) what PHB's UDF [1] > (uniform data fingerprint) is supposed to be. Sadly, I've not had time > yet to give it a proper read... > > [1] https://tools.ietf.org/html/draft-hallambaker-mesh-udf I don't think that this is the same thing as i'm proposing above -- my understanding is that PHB's UDF is intended to have some level of cryptographic resilience -- to collisions at least, and maybe to pre-images in some contexts. In the scheme i've proposed above, the digest is simply used to find a certification in an index. It could conceivably be non-unique, even, since the verification is expected to be done over the full underlying certification data. (i.e. it's an index to a non-keyed hashtable) To avoid malicious attacks against the efficiency of the non-keyed hashtable (e.g. if we used CRC32, an adversary could flood the user with certifications that produce identical checksums, reducing them to linear search), we probably *do* want it to be collision-resistant, but it's not going to need the same level of cryptographic rigor that we'd need for a fingerprint, where the fingerprint itself is used to prove identity of data. --dkg
- [openpgp] [internet-drafts@ietf.org] New Version … Daniel Kahn Gillmor
- [openpgp] Revocations of third-party certificatio… Daniel Kahn Gillmor
- Re: [openpgp] Revocations of third-party certific… vedaal
- Re: [openpgp] Revocations of third-party certific… Daniel Kahn Gillmor
- Re: [openpgp] Revocations of third-party certific… Benjamin Kaduk
- Re: [openpgp] Revocations of third-party certific… Daniel Kahn Gillmor
- Re: [openpgp] Revocations of third-party certific… Jon Callas
- Re: [openpgp] Revocations of third-party certific… Daniel Kahn Gillmor
- Re: [openpgp] Revocations of third-party certific… Jon Callas
- Re: [openpgp] Revocations of third-party certific… Daniel Kahn Gillmor
- Re: [openpgp] Revocations of third-party certific… Peter Gutmann
- Re: [openpgp] Revocations of third-party certific… Benjamin Kaduk
- Re: [openpgp] Revocations of third-party certific… Jon Callas