Re: including the entire fingerprint of the issuer in an OpenPGP certification

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 19 January 2011 00:11 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: ietf-openpgp@imc.org, nagydani@epointsystem.org
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
Cc: dkg@fifthhorseman.net, notmuch@notmuchmail.org
In-Reply-To: <4D3564E4.1010203@epointsystem.org>
Message-Id: <E1PfLeJ-0002cY-4A@login01.fos.auckland.ac.nz>
Date: Wed, 19 Jan 2011 13:11:43 +1300

"Daniel A. Nagy" <nagydani@epointsystem.org> writes:

>generating a new key with the same 64-bit key ID as an existing key is on the
>very far end of the realm of feasibility.

That should be:

  generating a *secure* new key with the same 64-bit key ID as an existing key
  is on the very far end of the realm of feasibility.

If you don't mind that your key's weak then it's not that much more work than
just finding a 64-bit collision.

Peter.
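
An added example, not part of the original message or of any OpenPGP implementation: it computes a V4 fingerprint and key ID as RFC 4880 section 12.2 defines them, and shows an issuer lookup that refuses to pick a key when the 64-bit key ID is ambiguous but resolves cleanly when the certification carries the full fingerprint. The Keyring class, the function names, the key packet bytes and the "lookalike" fingerprint are all constructed for illustration.

```python
import hashlib
import struct

def v4_fingerprint(body: bytes) -> bytes:
    # RFC 4880 section 12.2: SHA-1 over 0x99, a two-octet length, then the key packet body.
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def key_id(fpr: bytes) -> bytes:
    # A V4 key ID is the low-order 64 bits of the 160-bit fingerprint.
    return fpr[-8:]

class AmbiguousIssuer(Exception):
    pass

class Keyring:  # hypothetical minimal keyring, indexed by full fingerprint
    def __init__(self):
        self.by_fpr = {}

    def add(self, fpr: bytes, owner: str) -> None:
        self.by_fpr[fpr] = owner

    def find_issuer(self, issuer_key_id: bytes, issuer_fpr: bytes = None) -> str:
        if issuer_fpr is not None:
            # Full fingerprint supplied: exact match, and it must agree with the key ID.
            if key_id(issuer_fpr) != issuer_key_id:
                raise ValueError("issuer key ID and fingerprint disagree")
            return self.by_fpr[issuer_fpr]
        # Key ID only: any key sharing those 64 bits is a candidate.
        matches = [o for f, o in self.by_fpr.items() if key_id(f) == issuer_key_id]
        if not matches:
            raise KeyError(issuer_key_id.hex())
        if len(matches) > 1:
            raise AmbiguousIssuer(f"{len(matches)} keys share key ID {issuer_key_id.hex()}")
        return matches[0]

def build_demo():
    # Constructed packet body: version 4, creation time, algorithm 1, dummy key material.
    body = b"\x04" + struct.pack(">I", 1295395903) + b"\x01" + b"\x00\x08\xc5\x00\x02\x03"
    genuine = v4_fingerprint(body)
    # Constructed stand-in for a second key with the same key ID: the high 96 bits
    # differ, the low 64 bits are copied. No real key is generated here.
    lookalike = hashlib.sha1(b"constructed lookalike").digest()[:12] + key_id(genuine)
    ring = Keyring()
    ring.add(genuine, "genuine issuer")
    ring.add(lookalike, "lookalike key")
    return ring, genuine, lookalike
```
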