Re: [openpgp] Summary of WG status
Vincent Breitmoser <look@my.amazin.horse> Tue, 15 August 2017 13:13 UTC
Return-Path: <look@my.amazin.horse>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5065B13257F for <openpgp@ietfa.amsl.com>; Tue, 15 Aug 2017 06:13:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NKFmMmfQ4lyV for <openpgp@ietfa.amsl.com>; Tue, 15 Aug 2017 06:13:32 -0700 (PDT)
Received: from mail.mugenguild.com (mugenguild.com [5.135.189.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A3F91321C6 for <openpgp@ietf.org>; Tue, 15 Aug 2017 06:13:31 -0700 (PDT)
Received: from localhost (p5B11CF40.dip0.t-ipconnect.de [91.17.207.64]) by mail.mugenguild.com (Postfix) with ESMTPSA id B1C605FAE8; Tue, 15 Aug 2017 15:13:28 +0200 (CEST)
Date: Tue, 15 Aug 2017 15:13:26 +0200
From: Vincent Breitmoser <look@my.amazin.horse>
To: "Robert J. Hansen" <rjh@sixdemonbag.org>
Cc: Derek Atkins <derek@ihtfp.com>, openpgp@ietf.org
Message-ID: <20170815131326.wa5guttvgsp2la5g@calamity>
References: <20170712223852.zmnvw4iwvziqsynq@genre.crustytoothpaste.net> <20170810014751.erufvruh2lm5cdpe@genre.crustytoothpaste.net> <1b68dbbb-38ac-6370-fe20-76be795b2634@sixdemonbag.org> <20170811202924.yiwzjom3tag3ivkk@genre.crustytoothpaste.net> <a2f2973f-2b34-5e07-2651-a1910d992c6a@sixdemonbag.org> <sjmefsef9b6.fsf@securerf.ihtfp.org> <3bff215c-4de7-3994-8f78-5a06caa3fbfe@sixdemonbag.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <3bff215c-4de7-3994-8f78-5a06caa3fbfe@sixdemonbag.org>
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/e-DUcBPq9eBMTaqEp6akWmsWLOE>
Subject: Re: [openpgp] Summary of WG status
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 13:13:34 -0000
I'm conflicted about this. Yes, moving away from SHA1 is a good idea. We should do that asap. But I really dislike that this comes with an increased fingerprint size to 256 bits. Looking at the use case we are trying to cover here, and the actual requirements the fingerprint has to fulfill, even the 160 bits we had before were "super-duper-safe because who knows what might happen" terrain. And we are going to bolt another 96 bits on top of that. People are going to read sixty-four hexadecimal characters to one another to verify their keys. On the other hand, I can see how the choice of just using SHA2-256 is attractive for its simplicity, especially in a context where consensus is hard to find. - V
- [openpgp] Summary of WG status brian m. carlson
- Re: [openpgp] Summary of WG status Werner Koch
- [openpgp] Must-Implement Algorithms (was:Summary … Werner Koch
- Re: [openpgp] Must-Implement Algorithms (was:Summ… brian m. carlson
- Re: [openpgp] Summary of WG status brian m. carlson
- Re: [openpgp] Summary of WG status Salz, Rich
- Re: [openpgp] Summary of WG status Robert J. Hansen
- Re: [openpgp] Summary of WG status vedaal
- Re: [openpgp] Summary of WG status Robert J. Hansen
- Re: [openpgp] Summary of WG status brian m. carlson
- Re: [openpgp] Summary of WG status brian m. carlson
- Re: [openpgp] Summary of WG status Robert J. Hansen
- Re: [openpgp] Summary of WG status Derek Atkins
- Re: [openpgp] Summary of WG status Robert J. Hansen
- Re: [openpgp] Summary of WG status Vincent Breitmoser
- Re: [openpgp] Summary of WG status Robert J. Hansen
- Re: [openpgp] Summary of WG status Stephen Paul Weber
- Re: [openpgp] Summary of WG status Robert J. Hansen
- Re: [openpgp] Summary of WG status Salz, Rich
- Re: [openpgp] Summary of WG status Robert J. Hansen
- Re: [openpgp] Summary of WG status Salz, Rich
- Re: [openpgp] Summary of WG status Vincent Breitmoser
- Re: [openpgp] Summary of WG status Daniel Kahn Gillmor
- Re: [openpgp] Summary of WG status Kristian Fiskerstrand
- Re: [openpgp] Summary of WG status Daniel Kahn Gillmor
- Re: [openpgp] Summary of WG status Daniel Kahn Gillmor
- Re: [openpgp] Summary of WG status Werner Koch