Re: [openpgp] V5 Fingerprint again

KellerFuchs <KellerFuchs@hashbang.sh> Wed, 01 March 2017 18:08 UTC

Date: Wed, 01 Mar 2017 18:08:27 +0000
From: KellerFuchs <KellerFuchs@hashbang.sh>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/htrvsxc4J-hye6xYa9WGrzC8sNQ>
Cc: IETF OpenPGP <openpgp@ietf.org>

Hi,

On Wed, Mar 01, 2017 at 12:30:14PM -0500, Phillip Hallam-Baker wrote:
> The issue we are seeing with the SHA-1 break is that a LOT of software is
> based on the assumption that SHA-1 is unique. And this is causing software
> to crash in real world applications.

Not entirely sure what a standard change can do about that, except from
using a collision-resistant hash function which is expected to stay so
for the foreseeable future, and have the ability to switch to a new
fingerprint format.


> The proposal I made introduces a context into the fingerprint so that
> S/MIME, OpenPGP, etc. can all use the same fingerprint format without
> semantic substitution attacks being possible.

This seems sensible to me, but I don't see how it would protect against
a future weakness of the hash function.

However, it is useful to stop attacks where a single document would be
valid as a v5 key and as S/MIME (for instance), with both interpretations
having identical fingerprints.

I don't see an immediate attack vector there, but I'm very much not an
expert on polyglots.


> ##V5 Fingerprint calculation and presentation
> 
> A V5 fingerprint value is a sequence of bits that provides a sufficiently
> unique identifier for a public key. In addition to generating and accepting
> the text string presentation used in earlier versions of OpenPGP,
> applications MAY support such additional presentation formats as are found
> to be useful.
> 
> Conforming V5 OpenPGP implementations MUST support the V5 Fingerprint
> text presentation format for display and entry of fingerprint values.
> Support for all other fingerprint values is optional.
> 
> ###V5 Fingerprint value calculation
> 
> The OpenPGP V5 fingerprint value is calculated as follows
> 
> Fingerprint = <Version-ID> + H (<Content-ID>  + ‘:’ + H(<data>))

Why a colon, rather than a NUL byte?
(It's not obvious that Content-Type strings, esp. auxiliary parameters,
 cannot contain colons)


Best,

  Keller
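
The quoted calculation and the separator question, worked through as an added example that is not part of the original message or of the draft under discussion. It shows that the context string changes the fingerprint of identical bytes, that the outer hash input can be split from the right because the inner digest has a fixed length, and that separator-only framing of two variable-length fields is ambiguous. Assumptions: SHA-512 stands in for H, 0x05 stands in for <Version-ID>, MIME types stand in for <Content-ID>, and all function names are hypothetical.

```python
import hashlib

H = hashlib.sha512        # assumption: the quoted draft text does not name H
VERSION_ID = b"\x05"      # assumption: placeholder for <Version-ID>
SEP = b":"                # separator from the quoted formula


def outer_input(content_id: bytes, data: bytes) -> bytes:
    """Bytes fed to the outer hash: <Content-ID> + ':' + H(<data>)."""
    return content_id + SEP + H(data).digest()


def fingerprint(content_id: bytes, data: bytes) -> bytes:
    """Fingerprint = <Version-ID> + H(<Content-ID> + ':' + H(<data>))."""
    return VERSION_ID + H(outer_input(content_id, data)).digest()


def split_outer_input(blob: bytes) -> tuple:
    """Recover (content_id, inner_digest) by splitting from the right.

    The inner digest has a fixed length, so the Content-ID boundary does not
    depend on which bytes the Content-ID itself contains.
    """
    n = H().digest_size
    if len(blob) < n + len(SEP) or blob[-n - len(SEP):-n] != SEP:
        raise ValueError("malformed outer hash input")
    return blob[:-n - len(SEP)], blob[-n:]


def naive_join(fields: list) -> bytes:
    """Separator-only framing of variable-length fields (ambiguous)."""
    return SEP.join(fields)


if __name__ == "__main__":
    key = b"constructed sample key material"   # constructed input
    pgp = fingerprint(b"application/pgp-keys", key)
    x509 = fingerprint(b"application/pkix-cert", key)
    print("same bytes, different context differ:", pgp != x509)
    cid = b"text/x-demo; note=a:b"   # constructed Content-ID containing ':'
    print("round trip:", split_outer_input(outer_input(cid, key))[0] == cid)
    print("naive framing collides:",
          naive_join([b"a:b", b"c"]) == naive_join([b"a", b"b:c"]))
```
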