Re: [openpgp] New fingerprint: to v5 or not to v5

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 05 October 2015 11:44 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 556861AC3DF for <openpgp@ietfa.amsl.com>; Mon, 5 Oct 2015 04:44:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qwaoi1cZamTU for <openpgp@ietfa.amsl.com>; Mon, 5 Oct 2015 04:44:43 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A33561AC3E1 for <openpgp@ietf.org>; Mon, 5 Oct 2015 04:44:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1444045482; x=1475581482; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=bXS32bCtHp7C7c7bBUy8vTl1OCknG5EAHXQcROVl0n8=; b=pAhR+ddK9wp5ePjkti/q+WBiH/Hl1t9aW7BzNpHExpHYUcYRnbNZKfQx i6inrJ7jcb19Pg0QuEZ8rnylXJmq3SGVqzkj4HDybX3Magcgc6E8m5ULo 6ZkZXGpb9cbGW8vBDjAOK8uZ/4fXIoA/hHYjvCqkoGicIZl3AjIYXrr+0 N4ZE29KSNJpgqfKWp2PpeW9U4yawMdlLb3sCMpIKOzahK+dMl2CdgH1U2 ox64kn9j4KSuNpgnhruGZZlYBqgDXM0a5PFBsIf190IUrzByQHXFb09xh a8NA8zBxDGoX/wTYSzQPP6EzrtJWDMRfAuCNZXzm5RicrlWe9VONLvvcZ A==;
X-IronPort-AV: E=Sophos;i="5.17,638,1437393600"; d="scan'208";a="46481437"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from uxchange10-fe2.uoa.auckland.ac.nz ([130.216.4.106]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 06 Oct 2015 00:44:40 +1300
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.51]) by uxchange10-fe2.UoA.auckland.ac.nz ([130.216.4.106]) with mapi id 14.03.0174.001; Tue, 6 Oct 2015 00:44:40 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Werner Koch <wk@gnupg.org>
Thread-Topic: [openpgp] New fingerprint: to v5 or not to v5
Thread-Index: AQHQ/2GfGRFnZAPwNU68Rcs3/4z3Np5cx1Ip
Date: Mon, 5 Oct 2015 11:44:39 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4B279C6@uxcn10-5.UoA.auckland.ac.nz>
References: <878u84zy4r.fsf@vigenere.g10code.de> <87fv1xxe5w.fsf@alice.fifthhorseman.net> <87r3lgcup8.fsf@vigenere.g10code.de> <CACsn0c=-LKagSqTbgOV1W4Gu4u-f6vpVq82-nWSLGogjoeFKeg@mail.gmail.com> <CAMm+LwjeKDKnN2ZAisbKhWVS4kwCEm_VvcZ1MtftYzEJQpGdhg@mail.gmail.com> <87y4fi5wa9.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4B278ED@uxcn10-5.UoA.auckland.ac.nz>, <8737xp5z45.fsf@vigenere.g10code.de>
In-Reply-To: <8737xp5z45.fsf@vigenere.g10code.de>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/dl_7Yu2Fopeit9W238SJLy1wnWM>
Cc: Watson Ladd <watsonbladd@gmail.com>, Phillip Hallam-Baker <phill@hallambaker.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] New fingerprint: to v5 or not to v5
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 11:44:45 -0000

Werner Koch <wk@gnupg.org>; writes:

>Is your request to leave the timestamp out of a v5 fingerprint computation?

Either leave it out or, much better, use an explicit ID stored with the key
rather than one that's implicitly calculated from various bits and pieces
surrounding the key.  That's how PKCS #15 and (ugh) PKCS #12 do it, it makes
key lookup much less of a pain and avoids the current lost-key problem where
you can't match up a key to a signature even though it's present and
available.

>That is out of scope for the current work.

I can't see anything in the charter that would exclude it, it says the work
items "include, but are not limited to ...", and specifically allows for work
that won't unduly delay things and that has support from the WG.

Peter.