Re: [openpgp] New fingerprint: to v5 or not to v5

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 07 October 2015 14:03 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4F861A90AD for <openpgp@ietfa.amsl.com>; Wed, 7 Oct 2015 07:03:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wN7LLFMbin_7 for <openpgp@ietfa.amsl.com>; Wed, 7 Oct 2015 07:03:06 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BA101A9109 for <openpgp@ietf.org>; Wed, 7 Oct 2015 07:02:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1444226561; x=1475762561; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=yxzAMIJBXrElxDhOFiNfm6h7aFefMnX9aCcguYgYoR0=; b=1a3LAOPw1T8oZHdOnlK1aH9XM7v+mdLnLVZ7UnBdPsNsSyHCQT2VGoO6 p/RstwPMUS3m/OihgIHhZfdj5g9TG6tUq1qBkcSSV90jDYOkbNOj43LXp s7Pmb6xADLMul/7YnP/NoEPYbDzbHpzd5e4XB5UQButZrp3EkmBtPp8yF LlvcBvRtnkeocgSMErIXlhI0v7qlZ8CQofPOyhIZpC3HiiEOL5Btr61ia nZ9/0RPIDenp6LxaKfW+rxOoN8phHNbIaCu4Dv7hS+Yih5Qkw3d73WoC3 uPn64jO//tnLgBYfjEF9MIuPjSXnJUyiQukvdUbjaaXzeJMXMxk2fyXXl A==;
X-IronPort-AV: E=Sophos;i="5.17,649,1437393600"; d="scan'208";a="47105360"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.125 - Outgoing - Outgoing
Received: from uxchange10-fe3.uoa.auckland.ac.nz ([130.216.4.125]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 08 Oct 2015 03:02:19 +1300
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.51]) by uxchange10-fe3.UoA.auckland.ac.nz ([169.254.143.234]) with mapi id 14.03.0174.001; Thu, 8 Oct 2015 03:02:18 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Werner Koch <wk@gnupg.org>
Thread-Topic: [openpgp] New fingerprint: to v5 or not to v5
Thread-Index: AQHRAA0oGRFnZAPwNU68Rcs3/4z3Np5gESqI
Date: Wed, 7 Oct 2015 14:02:17 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4B2C5EE@uxcn10-5.UoA.auckland.ac.nz>
References: <878u84zy4r.fsf@vigenere.g10code.de> <87fv1xxe5w.fsf@alice.fifthhorseman.net> <87r3lgcup8.fsf@vigenere.g10code.de> <CACsn0c=-LKagSqTbgOV1W4Gu4u-f6vpVq82-nWSLGogjoeFKeg@mail.gmail.com> <CAMm+LwjeKDKnN2ZAisbKhWVS4kwCEm_VvcZ1MtftYzEJQpGdhg@mail.gmail.com> <87y4fi5wa9.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4B278ED@uxcn10-5.UoA.auckland.ac.nz> <8737xp5z45.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4B279C6@uxcn10-5.UoA.auckland.ac.nz>, <87fv1o4e9n.fsf@vigenere.g10code.de>
In-Reply-To: <87fv1o4e9n.fsf@vigenere.g10code.de>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/gXn3U3a73KME5q1_4FjSb8eO2U4>
Cc: Watson Ladd <watsonbladd@gmail.com>, Phillip Hallam-Baker <phill@hallambaker.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] New fingerprint: to v5 or not to v5
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2015 14:03:08 -0000

Werner Koch <wk@gnupg.org>; writes:

>That explicit ID sounds pretty much like a issuer+serialno or one of the
>other X.509 methods to identify a key.  It is not a fingerprint as we know it
>and it can't be used as a secure identification of the key.

It works quite well as a unique identifier for a key.  The problem here is
that PGP makes the same mistake that's made in things like credit cards and
SSNs, where you've got a magic value that's supposed to be both a unique
identifier (public) and an authentication/authorisation value (private).

X.509 handles this by having two distinct things, a unique identifier
(subjectKeyIdentifier) to identify a key, and a fingerprint (hash of the cert)
to verify its integrity or whatever it is you want to do with it.

PGP in contrast confuses the two, so you have a supposedly unique identifier
that hashes in a mutable value (the time) but then doesn't hash in other
important information like the user ID associated with the key.  So it doesn't
work very well either as an identifier or as an integrity-check value.

The fix would be to have two distinct values, a unique identifier (64 or 128
bits of whatever) to uniquely identify a key, and then a fingerprint that
covers the key, subkey(s), user ID(s), attributes, and whatnot, to check that
you've got what you were expecting to get.

>Lost key?  

The key is present somewhere on the keyring but the date has changed, so you
can't locate it by key ID any more because the date hashed into the other bits
and pieces changes the key ID.

Peter.