Re: [openpgp] V5 Fingerprint again
KellerFuchs <KellerFuchs@hashbang.sh> Wed, 01 March 2017 18:08 UTC
Hi,

On Wed, Mar 01, 2017 at 12:30:14PM -0500, Phillip Hallam-Baker wrote:
> The issue we are seeing with the SHA-1 break is that a LOT of software is
> based on the assumption that SHA-1 is unique. And this is causing software
> to crash in real world applications.

Not entirely sure what a standard change can do about that, except for
using a collision-resistant hash function which is expected to stay so
for the foreseeable future, and having the ability to switch to a new
fingerprint format.

> The proposal I made introduces a context into the fingerprint so that
> S/MIME, OpenPGP, etc. can all use the same fingerprint format without
> semantic substitution attacks being possible.

This seems sensible to me, but I don't see how it would protect against
a future weakness of the hash function.

However, it is useful to stop attacks where a single document would be
valid as a v5 key and as S/MIME (for instance), with both interpretations
having identical fingerprints.
I don't see an immediate attack vector there, but I'm very much not
an expert on polyglots.

> ##V5 Fingerprint calculation and presentation
>
> A V5 fingerprint value is a sequence of bits that provides a sufficiently
> unique identifier for a public key. In addition to generating and accepting
> the text string presentation used in earlier versions of OpenPGP
> applications MAY support such additional presentation formats as are
> found to be useful.
>
> Conforming V5 OpenPGP implementations MUST support the V5 Fingerprint
> text presentation format for display and entry of fingerprint values.
> Support for all other fingerprint values is optional.
>
> ###V5 Fingerprint value calculation
>
> The OpenPGP V5 fingerprint value is calculated as follows
>
> Fingerprint = <Version-ID> + H (<Content-ID> + ‘:’ + H(<data>))

Why a colon, rather than a NUL byte?
(It's not obvious that Content-Type strings, esp. auxiliary parameters,
cannot contain colons)

Best,

  Keller
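The quoted construction, worked through as an added example (not code from the thread or from any OpenPGP implementation). It assumes SHA-512 for H, a one-byte placeholder Version-ID and constructed Content-ID strings, none of which the message specifies. It goes slightly beyond the message by checking the delimiter question directly: the fixed-length inner digest keeps the outer hash input parseable even when the Content-ID contains a colon, while a variant without the inner hash is ambiguous.

```python
import hashlib

# Assumptions (not given in the thread): H is SHA-512 and the
# Version-ID is a single placeholder byte.
VERSION_ID = b"\x05"  # hypothetical value
DIGEST_LEN = hashlib.sha512().digest_size

def H(b: bytes) -> bytes:
    return hashlib.sha512(b).digest()

def preimage(content_id: bytes, data: bytes, sep: bytes = b":") -> bytes:
    """Input to the outer hash: <Content-ID> + sep + H(<data>)."""
    return content_id + sep + H(data)

def fingerprint(content_id: bytes, data: bytes, sep: bytes = b":") -> bytes:
    """Fingerprint = <Version-ID> + H(<Content-ID> + sep + H(<data>))."""
    return VERSION_ID + H(preimage(content_id, data, sep))

def split_preimage(p: bytes, sep: bytes = b":"):
    """Recover (content_id, inner_digest) from an outer-hash input.

    The inner digest has a fixed length, so it is cut from the end;
    separators inside the Content-ID cannot shift the boundary.
    """
    if len(p) < DIGEST_LEN + len(sep):
        raise ValueError("preimage too short")
    head, digest = p[:-DIGEST_LEN], p[-DIGEST_LEN:]
    if not head.endswith(sep):
        raise ValueError("separator missing")
    return head[:len(head) - len(sep)], digest

def raw_preimage(content_id: bytes, data: bytes, sep: bytes = b":") -> bytes:
    """Contrast only: the same layout WITHOUT hashing <data> first."""
    return content_id + sep + data

# Constructed sample inputs (not real keys or registered content types).
KEY_BYTES = b"constructed public key bytes"
CID_PGP = b"application/pgp-keys"
CID_COLON = b"application/example; note=a:b"  # parameter containing ':'

if __name__ == "__main__":
    print(fingerprint(CID_PGP, KEY_BYTES).hex())
    print(fingerprint(CID_COLON, KEY_BYTES).hex())
    print(split_preimage(preimage(CID_COLON, KEY_BYTES))[0])
```
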