Re: [openpgp] New fingerprint: to v5 or not to v5

Phillip Hallam-Baker <phill@hallambaker.com> Sun, 04 October 2015 01:50 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CF9F1B2E28 for <openpgp@ietfa.amsl.com>; Sat, 3 Oct 2015 18:50:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6jjfaWnw3CH9 for <openpgp@ietfa.amsl.com>; Sat, 3 Oct 2015 18:50:19 -0700 (PDT)
Received: from mail-lb0-x229.google.com (mail-lb0-x229.google.com [IPv6:2a00:1450:4010:c04::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 987811B2E27 for <openpgp@ietf.org>; Sat, 3 Oct 2015 18:50:18 -0700 (PDT)
Received: by lbwr8 with SMTP id r8so42291005lbw.2 for <openpgp@ietf.org>; Sat, 03 Oct 2015 18:50:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=t+dZ/pdsQyMqROV61yOwfGxF2iDAEZYD4vE6ZyleyF8=; b=M/ASVs+rt48ErLysTdjHqBc/sLVdaLr39zjwF/U6D4946ZqQCfmnyRg8jFWNIVd0JF baMdJr2To8f2UxNivaPc+3D+5iU1qF6y7J637tiy8gFNsGSrgyIrB3vv5+p9H1f4achD +SFuffGklu4Tv2Ou2Mrc2eL5OUUYTZgY0NtetjUtmgrVWSNCmkVeSexIXJGrmMbMy8d/ aFXE1D5RaAN1hKq7vBNLoouexXE25hUsdJ6BpoQBaG7IKhqxYnI49VL9ZSSpqolQIOs9 erheXcUHnFOGL8d11jzYUPuzltkepRCLKRSDf0vdnnbTzgDD6tG6NIw6Y6gWyu+VD63N eMYQ==
MIME-Version: 1.0
X-Received: by 10.25.158.84 with SMTP id h81mr5862226lfe.58.1443923416655; Sat, 03 Oct 2015 18:50:16 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.2.163 with HTTP; Sat, 3 Oct 2015 18:50:16 -0700 (PDT)
In-Reply-To: <CACsn0c=-LKagSqTbgOV1W4Gu4u-f6vpVq82-nWSLGogjoeFKeg@mail.gmail.com>
References: <878u84zy4r.fsf@vigenere.g10code.de> <87fv1xxe5w.fsf@alice.fifthhorseman.net> <87r3lgcup8.fsf@vigenere.g10code.de> <CACsn0c=-LKagSqTbgOV1W4Gu4u-f6vpVq82-nWSLGogjoeFKeg@mail.gmail.com>
Date: Sat, 3 Oct 2015 21:50:16 -0400
X-Google-Sender-Auth: WMtETjukgfWJ-tThzjJavX5__LU
Message-ID: <CAMm+LwjeKDKnN2ZAisbKhWVS4kwCEm_VvcZ1MtftYzEJQpGdhg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary=001a1141053a55332005213d9eaa
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/gjoTOgAo_0owrmEcBgdlyIroq8w>
Cc: IETF OpenPGP <openpgp@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] New fingerprint: to v5 or not to v5
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Oct 2015 01:50:20 -0000

On Thu, Oct 1, 2015 at 6:39 PM, Watson Ladd <watsonbladd@gmail.com>; wrote:

> On Wed, Sep 30, 2015 at 2:00 AM, Werner Koch <wk@gnupg.org>; wrote:
> > On Tue, 29 Sep 2015 20:40, dkg@fifthhorseman.net said:
> >
> >> v4 key and wrap it in a v5 packet, thereby producing a "new key" that's
> >> actually the "same key".  So claiming that key material can only be used
> >> as *either* v4 or v5 wouldn't quite be correct.
> >
> > FWIW: I was thinking about this but that is not limited to OpenPGP.  I
> > can use the same key material for an OpenPGP key, an X.509 key, and an
> > SSH key.  This is actually sometimes useful if you have a single key on
> > a smartcard.
>
> Have you conducted a proper cross-protocol analysis of what data each
> key type is used to sign showing that this interaction doesn't lead to
> bad things happening?
>

Yes, hence the reason for my UDF design which salts the hash with the mime
content type of the data being hashed. Thus one fingerprint format can be
used for a S/MIME key or an OpenPGP key or an SSH key.