Re: [openpgp] V5 Fingerprint again

Werner Koch <wk@gnupg.org> Wed, 01 March 2017 20:02 UTC

From: Werner Koch <wk@gnupg.org>
To: Phillip Hallam-Baker <phill@hallambaker.com>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Phillip Hallam-Baker <phill@hallambaker.com>, IETF OpenPGP <openpgp@ietf.org>
Date: Wed, 01 Mar 2017 20:56:49 +0100
In-Reply-To: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com> (Phillip Hallam-Baker's message of "Wed, 1 Mar 2017 12:30:14 -0500")
Message-ID: <874lzcbwji.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=USCODE_Axis_of_Evil_industrial_espionage_high_security_unclassified="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/f3ueb5jEil-TRCWCgoSAwGVvsks>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] V5 Fingerprint again
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Mar 2017 20:02:46 -0000

On Wed,  1 Mar 2017 18:30, phill@hallambaker.com said:

> The issue we are seeing with the SHA-1 break is that a LOT of software is
> based on the assumption that SHA-1 is unique. And this is causing software
> to crash in real world applications.

It is not an issue for us because we are not affected by collision
attacks and signatures have anyway been done for quite some time using SHA-2.

The proposal we made in Berlin was to use SHA-256 truncated to 25
octets for the new v5 key format.  Unfortunately I have been too busy to
push this forward but it is now on my short list.

The rationale for SHA-256 is that it is faster on small systems and
anyway needed for backward compatibility with existing RSA signatures.

Truncating from 32 to 25 octets allows for easy human fingerprint
verification and also to keep the size of signatures small (note that we
now include the fingerprint in the signatures for easy public key
lookup).

> The proposal I made introduces a context into the fingerprint so that
> S/MIME, OpenPGP, etc. can all use the same fingerprint format without

Unfortunately your proposal diverts heavily from the existing standard
and would thus not be an easy change.  Recall that OpenPGP is used by
small devices and thus we need to have an easy migration path towards a
v5 key.  The proposal also adds a textual representation format which
has always been out of scope in OpenPGP.



Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
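The message above describes the Berlin proposal for v5 fingerprints (SHA-256 truncated to 25 octets) and contrasts it with the existing v4 scheme. The following Python is an added illustration, not code from Werner Koch or from GnuPG. The v4 framing (a 0x99 tag octet, a two-octet length, then the public-key packet body, hashed with SHA-1) is the method RFC 4880 specifies; the v5 framing used here (a 0x9A tag octet and a four-octet length) is an assumption chosen for illustration, since the mail does not say which bytes are hashed before truncation. The key packet body is a constructed byte string, not a real key.

```python
import hashlib
import hmac

# Constructed sample: a dummy public-key packet body. NOT a real key,
# just 64 distinct bytes so the two fingerprints are reproducible.
SAMPLE_KEY_BODY = bytes(range(64))

# Length of the proposed v5 fingerprint in octets (from the mail: 25).
V5_FINGERPRINT_OCTETS = 25


def v4_fingerprint(key_body: bytes) -> bytes:
    """RFC 4880 v4 fingerprint: SHA-1 over 0x99 || 2-octet length || body.

    This is the existing scheme the mail says v5 must migrate away from.
    """
    framed = b"\x99" + len(key_body).to_bytes(2, "big") + key_body
    return hashlib.sha1(framed).digest()  # 20 octets


def v5_fingerprint(key_body: bytes, length: int = V5_FINGERPRINT_OCTETS) -> bytes:
    """Proposed v5 fingerprint: SHA-256, truncated to `length` octets.

    ASSUMPTION: the framing (0x9A tag octet, 4-octet length) is chosen here
    for illustration; the mail only states the hash and the truncation.
    """
    framed = b"\x9a" + len(key_body).to_bytes(4, "big") + key_body
    return hashlib.sha256(framed).digest()[:length]


def format_fingerprint(fp: bytes, group: int = 4) -> str:
    """Render a fingerprint as upper-case hex in fixed-size groups.

    Grouping is purely presentational: it is what makes reading a
    fingerprint aloud or comparing it by eye tractable.
    """
    hexstr = fp.hex().upper()
    return " ".join(hexstr[i:i + group] for i in range(0, len(hexstr), group))


def security_bits(fp: bytes) -> dict:
    """Work budget implied by the fingerprint length.

    Truncation to 25 octets leaves 200 bits: about 2^200 work for a
    second preimage and roughly 2^100 for a birthday collision, which
    is still far beyond the 2^63-ish effort of the SHA-1 collision the
    thread is reacting to.
    """
    bits = len(fp) * 8
    return {"bits": bits, "preimage_bits": bits, "collision_bits": bits // 2}


def matches(fp: bytes, typed: str) -> bool:
    """Compare a human-typed fingerprint against the computed one.

    Whitespace and case are normalised so group spacing does not matter;
    the comparison itself is constant-time to avoid leaking how many
    leading characters were right.
    """
    normalised = "".join(typed.split()).lower()
    return hmac.compare_digest(normalised, fp.hex())


if __name__ == "__main__":
    v4 = v4_fingerprint(SAMPLE_KEY_BODY)
    v5 = v5_fingerprint(SAMPLE_KEY_BODY)
    print("v4 (SHA-1, 20 octets):           ", format_fingerprint(v4))
    print("v5 (SHA-256/25, 25 octets):      ", format_fingerprint(v5, 5))
    print("v5 security estimate:            ", security_bits(v5))
    print("signature-size saving vs full SHA-256:", 32 - len(v5), "octets")
```

The `security_bits` figures are the practitioner's sanity check on the truncation: dropping seven octets from SHA-256 shortens the value a human has to compare and the fingerprint now embedded in signatures, while the collision bound stays at about 2^100, well above what broke SHA-1.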