Re: [openpgp] Fingerprints
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 15 April 2015 20:46 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BF071A8AA0 for <openpgp@ietfa.amsl.com>; Wed, 15 Apr 2015 13:46:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.422
X-Spam-Level: *
X-Spam-Status: No, score=1.422 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nYaXwUBNZ2QO for <openpgp@ietfa.amsl.com>; Wed, 15 Apr 2015 13:46:34 -0700 (PDT)
Received: from mail-la0-x232.google.com (mail-la0-x232.google.com [IPv6:2a00:1450:4010:c03::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D92A1A8A9E for <openpgp@ietf.org>; Wed, 15 Apr 2015 13:46:25 -0700 (PDT)
Received: by lagv1 with SMTP id v1so42009116lag.3 for <openpgp@ietf.org>; Wed, 15 Apr 2015 13:46:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=lJMJi9UhbK/cBQ6XyXW6wGyOL4Y3KUc4ttZYcl0ovnc=; b=ZvNw2AHWUxu6MPiLEbrBYIwHMsqAg5jI1kDNhiKxFsP6fu4RnA1XpKdkTfQujeBaqI JueY1FwHMg3WxLZLqQq1m6TsglYeOdlFSjEG5sqThw70DXFUcEoiiM8dSa6MnSHwJMcf Mh0r85qMTlBIznIuLHbV8tFFS2PCEqG16kknvjyIoWhaORzKbJBFtKu3y1cfCvfwWAvm rQ3qpuuLDaMLR/E14ISQ2qv95uh9p8tCdIyYX5iR8FFOjR6MBbiM0TW+BmZb5lvQxnqG rGvFDO6fZRgpnRo1DpMT79qvdwFXC0anZWPfk545ryjsw7F5vPIKaMqaYXay7tafZF0E IXCQ==
MIME-Version: 1.0
X-Received: by 10.112.151.226 with SMTP id ut2mr7921693lbb.55.1429130783866; Wed, 15 Apr 2015 13:46:23 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.147.165 with HTTP; Wed, 15 Apr 2015 13:46:22 -0700 (PDT)
In-Reply-To: <1429128262.1702.41.camel@scientia.net>
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com> <87y4m0ozlt.fsf@vigenere.g10code.de> <20150415135105.GJ3106@singpolyma-liberty> <FE2717DC-3950-4536-B83D-BD005D2F26A6@callas.org> <1429128262.1702.41.camel@scientia.net>
Date: Wed, 15 Apr 2015 16:46:22 -0400
X-Google-Sender-Auth: vwkQqVOxoyFVNpzbMqCq012kQrM
Message-ID: <CAMm+LwhHkRNDUT9H9=RV-caqPiWpe9OBriR8pSsoA1PqKf6C-Q@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Christoph Anton Mitterer <calestyo@scientia.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/dhDxS4gaHS35j86g5S9MHB2nOgo>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Subject: Re: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2015 20:46:35 -0000
On Wed, Apr 15, 2015 at 4:04 PM, Christoph Anton Mitterer <calestyo@scientia.net> wrote: > On Wed, 2015-04-15 at 12:11 -0700, Jon Callas wrote: >> There was a proposal that floated around that defined an extended >> fingerprint to be an algorithm number followed by the actual bits. >> For example, ASCII-fied 23:ABCDEF0123...FF. There's an obvious binary >> representation. There's an obvious way to truncate that as well -- >> just decide if you truncate little-endian or big. (Personally, despite >> being a little-endian bigot, this is a place where network byte order >> is even to me the obvious win.) The ni scheme I linked to does essentially that. What we are discussing here is essentially the same thing only with a slightly different syntax. It is not necessary to separate the algorithm ID from the fingerprint. >> The major advantage of this is that you can define it and then you >> never have to change it again. We don't have to have any arguments >> over what hash function is proper to use, etc. An implementation can >> decide to support or not support whatever. > +1 > > But shouldn't one define better the number to be either a string? > Sure a one byte number with 255 possible future algorithms seem plenty > enough, but people also once thought that about 32bit IPv4 addresses, > two digit year numbers and so on. It isn't necessary. We just use the same trick Ken Thompson used to create UTF8. Let us say we choose the first 5 bits to be the algorithm identifier giving us a maximum of 32 code points Now let us say that we have allocated 16 code points. This means that any fingerprint which begins with the byte 00000xxx - 01111xxx has to use one of those algorithms. So when we get to code point number 17, we need to expand the registry. instead of using just the first Base32 character we might use the whole of the first byte which would give us 128 extra code points. Or we might go to the first 10 bits which gives us 512 code points. I do not think it is at all likely we will exhaust the registry in our lifetime. Since Rivest proposed MD4 in 1990 we have had four hash algorithms that have been widely used, MD4, MD5, SHA-1 and SHA-2. If we continue at the same pace it will take a century before we get up to 16. And that is actually a pretty conservative estimate. Since 1995 we have only had two algorithms. If we start a registry now with SHA-2 and SHA-3 defined, I see no reason to expect any need to assign a new code point for another 20 years. It is now 14 years since AES was published and nobody expects it to be replaced any time soon. Some people, including myself, think we should have a competition for a second, stronger algorithm for use as a backup but that is an entirely different matter. If we consume one code point every 20 years it will be 1600 years before we need to worry about going beyond the first byte. And even if we were trying to burn code points as quickly as possible I can't see the gaps between the RFCs being less than 2 years. So thats still 160. As with every other key size debate, people can always say we might need more but there is a tradeoff. At present fingerprints need to be short to fit in with our legacy paper based systems. While it is unlikely that issue will disappear in the next ten years, I don't expect it to be relevant in 30. And yes, Bill Gates did suggest 640Kb as the limit for RAM in the IBM PC. But that was not a mistake as some folk imagine. The chip had a hard limit of 1024Kb of memory (it did not have paging) and that had to include the RAM, the ROM and the video memory. Allowing more memory for programs would have prevented the use of bitmapped graphics cards. It was an engineering tradeoff. So is this.
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Werner Koch
- [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Tom Ritter
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel A. Nagy
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Stephen Paul Weber
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints David Shaw
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel Kahn Gillmor
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Designated Revokers Vincent Breitmoser
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Daniel Ranft
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel A. Nagy
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] [eX-bulk] : Re: Fingerprints Christopher LILJENSTOLPE
- Re: [openpgp] [eX-bulk] : Re: Fingerprints Christopher LILJENSTOLPE
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- [openpgp] [RFC4880bis PATCH] Deprecate "Revocatio… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Neal H. Walfield
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Werner Koch
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… vedaal
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Paul Wouters
- Re: [openpgp] [Suspected Junk Mail] Re: [RFC4880b… vedaal
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [Suspected Junk Mail] Re: [RFC4880b… Daniel Kahn Gillmor