IETF Logo Mail Archive

Re: [openpgp] Fingerprints

Werner Koch <wk@gnupg.org> Mon, 20 April 2015 18:41 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 811401B2CA2 for <openpgp@ietfa.amsl.com>; Mon, 20 Apr 2015 11:41:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TIe0bJzL0fFC for <openpgp@ietfa.amsl.com>; Mon, 20 Apr 2015 11:41:40 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C5EA1B2C9F for <openpgp@ietf.org>; Mon, 20 Apr 2015 11:41:40 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1YkGdW-0004iO-Hb for <openpgp@ietf.org>; Mon, 20 Apr 2015 20:41:38 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1YkGZc-0008MY-1M; Mon, 20 Apr 2015 20:37:36 +0200
From: Werner Koch <wk@gnupg.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com> <87d232lkb6.fsf@alice.fifthhorseman.net>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Date: Mon, 20 Apr 2015 20:37:35 +0200
In-Reply-To: <87d232lkb6.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Fri, 17 Apr 2015 13:46:21 -0400")
Message-ID: <87618qzlw0.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/kBmBJTB3rytOKZ6OdQ1Xkrp7Sl8>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2015 18:41:41 -0000

On Fri, 17 Apr 2015 19:46, dkg@fifthhorseman.net said:

> key to satisfy two different fingerprint camps.  the transition period
> where i need a v4 fingerprint and a v5 fingerprint is going to be bad
> enough, let's not make that persistent.  If i put one form of a v5

I do not think that this is major problem.  For many years we had to
cope with the v3 and v4 fingerprints.  It was easy to explain that they
are similar but that 4-hex-nibble fingerprint are used with modern keys
and most folks like to be modern or own modern keys.

> fingerprint on mine, and you put another, then any implementation that
> copes with them (keyservers; manual verifiers) will have to understand

Right, that is not going to work.  It is worse enough that there is no
fingerprint standard for X.509 and we need to avoid it.  I understood
the proposal as to define a common fingerprint format which can be
re-used for a v6 key format.  The number of different ways to render a
string of hex digits is limited.

>  * truncation: how long is the fingerprint?  Is it acceptable to
>    truncate further?  If so, by how much?  Werner's note is also
[...]
>    If we use a 256-bit fingerprint for a 255-bit curve25519 key, what's
>    the point?

BTW, there is another option: We could demand a specific subkey
(e.g. 256 bit ECDSA) which directly acts as the fingerprint.  This
fingerprint-key could then also be used for forthcoming distributed
naming systems.

>  * digest algorithm; we need preimage resistance; we do not need
>    collision resistance.

Thus SHA-256 should be sufficient.

>  * what material gets digested; at a minmum, this is:
>     - the algorithm for the key (incl. any parameters)
>     - public key values (mpi's, bitstrings)
>       it's not clear to me that there is any advantage to adding
>       anything else here.

It has been discussed that a hard expiration date would be useful.

Having a creation date as part of the key allows to create a key from
the same key material but still be identified as a different key.  This
is for example useful if the key material is on a smartcard and you want
(e.g. due to company policy) two independent looking keys.

>  * human-representable form of the digest: e.g. hex, base32, common
>    hyphenation patterns, etc.  there are legibility/usability factors
>    here that i don't know enough to comment on.

For a long time I pondered with the idea to suggest base32 for a v5 key
but meanwhile I think that hex digits are easier to read and spell over
noisy channels. 

 08-12345678-9abcdef0-12345678-9abcdef0-12345678-9abcdef0-12345678-9abcdef0

would fit into one line and is still not too hard to read.



Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

v2.23.0 | Report a Bug | By Email