Re: [openpgp] Fingerprint schemes versus what to fingerprint

Werner Koch <wk@gnupg.org> Thu, 07 April 2016 15:28 UTC


On Thu,  7 Apr 2016 16:44, brynosaurus@gmail.com said:

> What about Blake2?  If OpenPGP will be using Argon2 for password
> hashing, then all implementations will need to have a Blake2

I was out of the room for some minutes while this was discussed
yesterday.  I did not assume that this will be a MUST algorithm.

> This is tricky: a further related question is how OpenPGP
> implementations decide what “kind” of fingerprint to produce, or

That is easy: a v4 key creates a v4 fingerprint (SHA-1) and for the new
fingerprint we will require a v5 key format.  We have a lot of
experience with that given that v3 keys used yet another fingerprint

> present to the user, or expect to get, when doing something with a
> particular public key.  As many people have pointed out, it will be
> terrible for user experience if users have to start juggling
> “new-style” and “old-style” fingerprints for the same public key:

IIRC, we agreed that there will be only one fingerprint format for a
given key.  Obviously this means that existing keys can't use the new
fingerprint format - which is not a problem at all.

> - Define each pub key scheme as having one and only one corresponding
> fingerprint scheme.  i.e., all existing/legacy pub key schemes remain
> stuck with old SHA1 fingerprints and only new pubkeys generated under
[..]
> might mean that we never get to use new fingerprints with RSA/DSA key
> pairs etc, which may be a non-starter.

Why should one not be able to create an RSA, DSA, or ECDSA key with the
new format?  It will take some time until one can switch to the new
format so that most users are able to handle this.  But this is
unavoidable in any case.

> - Add a “preferred fingerprint scheme” field of some kind to the

Ah no, this defeats the goal of having a unique fingerprint for one
key.

> Although it might be good enough to rely in practice on “de facto”
> standards for fingerprint presentation, it would suck if two users

It worked well the last 20 years (modulo the need to compare date and
size of the v3 keys).

> with different OpenPGP implementations had no way at all of
> comparing/verifying fingerprints because one uses presentation X and

Let them enter the fingerprint into their GUI and the software does the
match.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
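
Added example (not part of the message above and not code from any OpenPGP implementation): Python showing how the key version alone selects the fingerprint scheme under RFC 4880 (v3: MD5 over the RSA n and e; v4: SHA-1 over the framed packet body), and how software can match a user-entered fingerprint regardless of its presentation. The function names and the RSA values are constructed for illustration; no v5 scheme appears because the message does not define one.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-byte bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_public_key_body(version: int, created: int, n: int, e: int) -> bytes:
    """Body of an RSA (algorithm 1) public-key packet, RFC 4880 section 5.5.2."""
    head = bytes([version]) + struct.pack(">I", created)
    if version == 3:
        head += struct.pack(">H", 0)  # v3 only: validity period in days
    return head + bytes([1]) + mpi(n) + mpi(e)

def fingerprint(body: bytes) -> str:
    """One key, one fingerprint: the version octet picks the scheme."""
    version = body[0]
    if version == 4:
        # SHA-1 over 0x99, the 2-byte body length, then the whole packet body.
        framed = b"\x99" + struct.pack(">H", len(body)) + body
        return hashlib.sha1(framed).hexdigest().upper()
    if version == 3:
        # MD5 over the raw bytes of n and e only: no MPI length prefix and
        # no creation date, which is why v3 users also compared date and size.
        md5, pos = hashlib.md5(), 8
        for _ in range(2):
            (bits,) = struct.unpack_from(">H", body, pos)
            size = (bits + 7) // 8
            md5.update(body[pos + 2 : pos + 2 + size])
            pos += 2 + size
        return md5.hexdigest().upper()
    raise ValueError(f"no fingerprint scheme known for key version {version}")

def normalize(entered: str) -> str:
    """Strip presentation details: whitespace, colons, case, a leading 0x."""
    s = "".join(entered.split()).replace(":", "").upper()
    return s[2:] if s.startswith("0X") else s

def matches(entered: str, body: bytes) -> bool:
    """Compare what the user typed with the fingerprint computed from the key."""
    return normalize(entered) == fingerprint(body)

# Constructed sample values, not a real key.
N = (1 << 1023) | 0x10001
E = 65537

if __name__ == "__main__":
    for ver in (3, 4):
        print(ver, fingerprint(rsa_public_key_body(ver, 1460042146, N, E)))
```

Changing only the creation time changes the v4 fingerprint but leaves the v3 one untouched, which is the reason for the "compare date and size" remark about v3 keys.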