Re: [openpgp] Version 5 key and fingerprint proposal

KellerFuchs <KellerFuchs@hashbang.sh> Thu, 09 March 2017 17:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/hl7yoC1qqp-ymt0uuBWEOnqoGko>

On Wed, Mar 08, 2017 at 08:02:54AM +0100, Werner Koch wrote:
> On Wed,  8 Mar 2017 00:06, KellerFuchs@hashbang.sh said:
> 
> > Since it's not entirely clear (at least to me) if this means keeping the 20
> > rightmost octets or dropping octets right of the 25th, not introducing it
> > is not ideal.
> 
> What about this:

This is very nice: basically as concise, and completely unambiguous
so it doesn't need a definition  :)


> [...]
> > Also, but I likely missed the relevant WG thread, why truncate the
> > fingerprint to 200 bits? (Not that this is likely an issue.)
> 
> That was a suggestion from the Berlin meeting.
> 
> Given that even for SHA-1 no pre-image attack is known, we get quite
> some security margin by using 200 bits from SHA-256 over the 160 from
> SHA-1.
> 
> When a truncated SHA-256 shows weaknesses we only need to replace two
> signature subpackets but the fingerprint won't change.
> 
> Due to the use of the 'Issuer Fingerprint' the signatures grow in size by
> 22 octets which is substantial for ECC signatures.  With the full V5
> fingerprint this would increase to 25 octets (34 - 9 from the not used
> 'Issuer' subpacket).  By truncating the fingerprint we will only use 18
> octets which is even a saving compared to V4 keys.

Thanks a bunch for the explanation, this makes sense.


Best,

  kf