Re: [openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a separable ring signature scheme...]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 14 March 2014 14:38 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/nWFl7s2JkchFMlNdEsfvZy2fa4E

On 03/14/2014 10:24 AM, Peter Pentchev wrote:
> Hm, how exactly would this deal with the existence of multiple signing
> subkeys, all associated with the same master public key?  Your current
> proposal explicitly allows for that, using the key IDs; I guess there
> might be a need to include *both* the fingerprint of the master key
> *and* some kind of identification of the subkey actually used for
> signing.


Vincent's original spec says:

>> It is common for an OpenPGP key bundle to contain multiple keys that 
>> are capable of producing signatures. For instance, this is the case 
>> when the primary certification key and a subkey both have their signing 
>> flags set (see Section 5.2.3.21 of RFC 4880). When a user wishes to 
>> create a ring signature that includes a key ID in a bundle that 
>> contains other keys capable of signing, it would make sense to include 
>> all signing-capable keys in the ring signature. 

But I'm not convinced by this last conclusion.  Why include all the
signing-capable keys?  I have a primary signing-capable key and a subkey
that is also signing-capable.  When I sign this message, I will only
sign it with one of them.  What is the rationale for including all the
keys?  It seems like it just makes the signature creation take longer,
and I don't see the benefit.  Presumably the signing keys are likely to
be all controlled by the same person, right?

	--dkg