IETF Logo Mail Archive

Re: [openpgp] Should signatures be rejected if the embedded hash prefix does not match?

Paul Wouters <paul@nohats.ca> Thu, 02 March 2023 17:18 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26ED4C151AE4 for <openpgp@ietfa.amsl.com>; Thu, 2 Mar 2023 09:18:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.094
X-Spam-Level:
X-Spam-Status: No, score=-7.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gnwnh3sI-HSa for <openpgp@ietfa.amsl.com>; Thu, 2 Mar 2023 09:18:06 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BAF2C1516E9 for <openpgp@ietf.org>; Thu, 2 Mar 2023 09:18:05 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4PSHqZ4rjCzFHY; Thu, 2 Mar 2023 18:18:02 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1677777482; bh=Gv3XgaCkAVyiGP8UpUyEIyWOq97mlLioQPs27mA8sU0=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=lK8Z5W1p7WbmVHOiKhZoESou3nnORQel9czYUHrlOlmJL/x+UedWKD3mrhyHfKP/E u5FX99902A/2JpeWPsYQCTLHKMWEbHivk0uk4hN3iqJFUvkAw+81TNWFIDtgnQcIb/ KCRtUH7ZfJv/cYBxTpYc9XasPZd5o5MXQ5neGSzE=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id stVOtGjU3E4W; Thu, 2 Mar 2023 18:18:01 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 2 Mar 2023 18:18:01 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 0971F7DB9D3; Thu, 2 Mar 2023 12:18:01 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 0628C7DB9D2; Thu, 2 Mar 2023 12:18:01 -0500 (EST)
Date: Thu, 02 Mar 2023 12:18:01 -0500
From: Paul Wouters <paul@nohats.ca>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
cc: openpgp@ietf.org
In-Reply-To: <87y1ofqm83.fsf@fifthhorseman.net>
Message-ID: <29210247-9dae-1218-ff5f-e5cba6e0d9f0@nohats.ca>
References: <87lekkts65.fsf@fifthhorseman.net> <d759691a-c447-f66d-b839-f1b87e6b89af@andrewg.com> <87y1oj5ltj.fsf@europ.lan> <edeb91b0-6e7e-fa35-c571-d16dff433871@andrewg.com> <87v8jn5e4k.fsf@europ.lan> <55c56429-e1b1-97d3-5ad3-c54a69428143@andrewg.com> <87sfer588g.fsf@europ.lan> <b2a78baa-4636-9353-e079-232d580806a0@andrewg.com> <87o7pe69m6.fsf@europ.lan> <6lLcuziqTC31StjVfWBQYzemBHmXkVQG_LV6cIQ1lQU7qtOTr-HKCRHzxSY5LXsFU_BnnElSN0zry-RGK8TtC5cM_Ab4KsuWSPON8-82ZOM=@protonmail.com> <ebd88ec4-787b-fea7-f822-e6b514343dba@andrewg.com> <87wn41ru96.fsf@fifthhorseman.net> <87cz5sbsv3.fsf@europ.lan> <2ae335f9-b36a-f5e1-8668-b94a805b709e@andrewg.com> <87lekgs64c.fsf@fifthhorseman.net> <fb3a9276-f948-73dc-af81-46dfa9b02209@andrewg.com> <87a60vbi7n.fsf@europ.lan> <5ba74a57-c039-5ab8-45bc-30ae681bc8c8@andrewg.com> <877cvzbet0.fsf@europ.lan> <c8bc1904-dcaf-6ab9-1f16-85a0a2761c6f@andrewg.com> <87y1ofqm83.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/g8PAR3eGiMZ3IwpBNw2UDGv0R1c>
Subject: Re: [openpgp] Should signatures be rejected if the embedded hash prefix does not match?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2023 17:18:10 -0000

On Thu, 2 Mar 2023, Daniel Kahn Gillmor wrote:

> Can we get a consensus read from the group about whether the proposal as
> it stands in !213 is acceptable?
>
> The proposal adds this single sentence to the crypto-refresh:
>
>    When verifying a v6 signature, an implementation MUST reject the
>    signature if these octets don't match the first two octets of the
>    computed hash.
>
> I'm not asking for a consensus about whether this is *everything* you'd
> like to see (this conversation has made it clear to me that there are
> strongly-held opinions within the group about desired-yet-conflicting
> additional clarifications about v3 and v4 signatures).
>
> I'm asking whether you approve of this particular addition, as it
> stands.

(no hats on)

I am in favour of adding this, so as to try and prevent the current
existing problem in v3/v4 sigs from becoming a problem in v6 sigs.

Paul

v2.23.0 | Report a Bug | By Email