Re: [openpgp] Fingerprints
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 18 April 2015 05:10 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 858F21A911B for <openpgp@ietfa.amsl.com>; Fri, 17 Apr 2015 22:10:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.357
X-Spam-Level:
X-Spam-Status: No, score=-0.357 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_06_12=1.543] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17F2ucLwc0lu for <openpgp@ietfa.amsl.com>; Fri, 17 Apr 2015 22:10:50 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 7AD7B1A047A for <openpgp@ietf.org>; Fri, 17 Apr 2015 22:10:50 -0700 (PDT)
Received: from fifthhorseman.net (x55b4dbcd.dyn.telefonica.de [85.180.219.205]) by che.mayfirst.org (Postfix) with ESMTPSA id AB12DF986 for <openpgp@ietf.org>; Sat, 18 Apr 2015 01:10:45 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id BAA412070B; Fri, 17 Apr 2015 13:46:21 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: IETF OpenPGP <openpgp@ietf.org>
In-Reply-To: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com>
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com>
User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Fri, 17 Apr 2015 13:46:21 -0400
Message-ID: <87d232lkb6.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/qVZaX7ibzSaF3PzgT45Bi22ejRw>
Subject: Re: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Apr 2015 05:10:52 -0000
On Fri 2015-04-10 09:23:18 -0400, Phillip Hallam-Baker wrote: > On Fri, Apr 10, 2015 at 7:38 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: >> >> Hiya, here's the 2nd thread, starting from DKG's list. >> >> a) update the fingerprint format (avoid inclusion of creation date, use >> stronger digest algorithm; i'm dubious about embedding algorithm >> agility in the fingerprint itself, but explicit version info in the >> fingerprint might be reasonable so we don't have to keep guessing by >> fpr structure for future versions) > > I would like to get started on this bit ASAP as it is the one that has > the most long term consequences. I've been chewing over this discussion for a while, and i find myself coming out fairly conservative on this. I think i'm leaning toward something like a 200- or 250-bit truncation of a strong digest (sha-512 is fine with me) over a common representation of just the key material (SubjectPublicKeyInfo is fine with me, though i understand the ASN.1 concerns). I am ok with inferring fingerprint version by structure. I don't much care about the difference between hex (base16) and base32 -- base32 reduces the length by 20% and it introduces some extra confusion when communicating the fingerprint by voice. Here's my attempt at clarification for why i find myself in this position: As an exercise, i tried to write down all the places that i expect fingerprints to be useful. Perhaps surprisingly, i think there are not that many good use cases for fingerprints. I came up with: 0) keyserver lookup -- Finding or retrieving a key on the basis of a fingerprint. If you have hte fingerprint, you should be able to get a copy of the key. 1) key verification -- I have a copy of a key that i think might be yours, and i want to confirm that it's yours without a mechanized byte-for-byte comparison of the entire key. This covers the "put it on a slip of paper for out-of-band confirmation" use case. Are there actually any other use cases for the fingerprint? Truncated fingerprints (which we call keyids) are also used in some workflows, for example, by some tools to provide a human-accessible handle for the key. I don't think this is appropriate, as i've argued elsewhere: https://www.debian-administration.org/users/dkg/weblog/105 I should also be clear: i *don't* think we want a many different fingerprint variants. I actually don't think we want more than one for OpenPGPv5. And i don't think we should choose a design that will encourage people to pick their favorite fingerprint algorithm. Fingerprints are useful because everyone uses the same one. I don't want to put have to two v5 fingerprints on my business card for the same key to satisfy two different fingerprint camps. the transition period where i need a v4 fingerprint and a v5 fingerprint is going to be bad enough, let's not make that persistent. If i put one form of a v5 fingerprint on mine, and you put another, then any implementation that copes with them (keyservers; manual verifiers) will have to understand and work with them both. The fingerprint decisions i made came from these factors: * version detection: how do we know that this is fingerprint format X? * truncation: how long is the fingerprint? Is it acceptable to truncate further? If so, by how much? Werner's note is also relevant here as we move to ECC keys: > Short fingerprints are important; if they are getting too long > they won't serve a purpose because the public key could be used > directly. If we use a 256-bit fingerprint for a 255-bit curve25519 key, what's the point? * digest algorithm; we need preimage resistance; we do not need collision resistance. * what material gets digested; at a minmum, this is: - the algorithm for the key (incl. any parameters) - public key values (mpi's, bitstrings) it's not clear to me that there is any advantage to adding anything else here. * what structure is used to frame the material before digest; v4 uses an approximation of the public key packet format as a framing device, but this ends up including the creation date. we could use the ASN.1 SubjectPublicKeyInfo format (as phb suggests), though some people are (probably understandably) allergic to ASN.1. Or we could make up our own structure, yuck! * human-representable form of the digest: e.g. hex, base32, common hyphenation patterns, etc. there are legibility/usability factors here that i don't know enough to comment on. Did i miss any factors? --dkg
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Werner Koch
- [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Tom Ritter
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel A. Nagy
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Stephen Paul Weber
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints David Shaw
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel Kahn Gillmor
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Designated Revokers Vincent Breitmoser
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Daniel Ranft
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel A. Nagy
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] [eX-bulk] : Re: Fingerprints Christopher LILJENSTOLPE
- Re: [openpgp] [eX-bulk] : Re: Fingerprints Christopher LILJENSTOLPE
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- [openpgp] [RFC4880bis PATCH] Deprecate "Revocatio… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Neal H. Walfield
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Werner Koch
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… vedaal
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Paul Wouters
- Re: [openpgp] [Suspected Junk Mail] Re: [RFC4880b… vedaal
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [Suspected Junk Mail] Re: [RFC4880b… Daniel Kahn Gillmor