IETF Logo Mail Archive

Re: [openpgp] Should signatures be rejected if the embedded hash prefix does not match?

Paul Wouters <paul@nohats.ca> Mon, 27 February 2023 16:39 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5099DC1516E3 for <openpgp@ietfa.amsl.com>; Mon, 27 Feb 2023 08:39:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XBuvkcYACk1I for <openpgp@ietfa.amsl.com>; Mon, 27 Feb 2023 08:39:04 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21686C14CE22 for <openpgp@ietf.org>; Mon, 27 Feb 2023 08:39:03 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4PQR5x4wFGz9nn; Mon, 27 Feb 2023 17:39:01 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1677515941; bh=QTPRGgZ53Jqv9ATKh8YUSRvycL+zS8jNBt4XXkFRNok=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=n1DxpvLw0kw3NmnJjIUiB3lgbHp7eiGpibC1T1JESVBLqfUU0wyGAbIcUVCwv+GxV 0QDx7A30hsNPN6OHXWM6Xels5R4K/GntPZ9uxzxDTrB7ze2tE3RW+VT7WmsM8rBJV6 y8WYaJw/1rUCaF/BeI/Q8djrFyCkwW2Yuh2jR9KQ=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 0n9FmCibyFS9; Mon, 27 Feb 2023 17:39:00 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Mon, 27 Feb 2023 17:39:00 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id DCD017D7AA9; Mon, 27 Feb 2023 11:38:59 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id D9C537D7AA8; Mon, 27 Feb 2023 11:38:59 -0500 (EST)
Date: Mon, 27 Feb 2023 11:38:59 -0500
From: Paul Wouters <paul@nohats.ca>
To: Justus Winter <justus@sequoia-pgp.org>
cc: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>, openpgp@ietf.org
In-Reply-To: <87v8jn5e4k.fsf@europ.lan>
Message-ID: <c967efb6-ecab-e093-f7ae-1381eed16f52@nohats.ca>
References: <87lekkts65.fsf@fifthhorseman.net> <d759691a-c447-f66d-b839-f1b87e6b89af@andrewg.com> <87y1oj5ltj.fsf@europ.lan> <edeb91b0-6e7e-fa35-c571-d16dff433871@andrewg.com> <87v8jn5e4k.fsf@europ.lan>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/dYFlfoh7JxP0Q_LpdT83mSfEpfI>
Subject: Re: [openpgp] Should signatures be rejected if the embedded hash prefix does not match?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2023 16:39:08 -0000

On Mon, 27 Feb 2023, Justus Winter wrote:

(speaking as individual)

> I think the takeaway should be:
>
> - Downstream users: Be diligent when selecting an OpenPGP
>  implementation.
> - Implementers: Engage in the standardization and interop testing
>  process.
> - Standards body: Require consumers to be strict to avoid this kind of
>  mess.
>
> What is it that you think we should take away from this?

That makes sense from T=0, but not at T=2 when a significant market
share is affected.

I would argue to only make v6 strict. It is new, and hopefully the
implementers behind the github code will at least implement that
one correctly if we point this out clearly in the RFC that not doing
so will cause failure.

Paul

v2.23.0 | Report a Bug | By Email