IETF Logo Mail Archive

Re: [openpgp] Followup on fingerprints

Vincent Breitmoser <look@my.amazin.horse> Tue, 04 August 2015 00:38 UTC

Return-Path: <look@my.amazin.horse>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C76B11B31B0 for <openpgp@ietfa.amsl.com>; Mon, 3 Aug 2015 17:38:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b7DRMYdPZGLm for <openpgp@ietfa.amsl.com>; Mon, 3 Aug 2015 17:38:58 -0700 (PDT)
Received: from mail.mugenguild.com (mugenguild.com [5.135.189.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE98D1B31A9 for <openpgp@ietf.org>; Mon, 3 Aug 2015 17:38:57 -0700 (PDT)
Received: from localhost (p57B2CB30.dip0.t-ipconnect.de [87.178.203.48]) by mail.mugenguild.com (Postfix) with ESMTPSA id D39C25FCEF; Tue, 4 Aug 2015 02:34:54 +0200 (CEST)
References: <87twsn2wcz.fsf@vigenere.g10code.de> <CAMm+LwgRJX-SvydmpUAJMmN3yysi4zzGSpO2yY4JAMhD-9xLgQ@mail.gmail.com> <87zj2ecmv8.fsf@alice.fifthhorseman.net> <CAMm+LwgKmcTes=V7uS3MjCQixWCo-i7PY=VE7eCHSqt3Ho3OSg@mail.gmail.com> <87a8udd4u6.fsf@alice.fifthhorseman.net> <sjm61503182.fsf@securerf.ihtfp.org> <CAMm+LwgEVySpfL-iN2uzX-4tu7R+isDkHE9D8uAeLTxxd4VxqQ@mail.gmail.com> <sjmwpxc1kbv.fsf@securerf.ihtfp.org> <CAAS2fgR6LYck+km5Ze6S9z65ZgsR61d8md2CqojDaceZ0OrZrw@mail.gmail.com> <9c2c8c5df67c83925d7e3c21fe943483.squirrel@mail2.ihtfp.org> <20150803173231.GG3067@straylight.m.ringlet.net> <2439a89a6c4eb70044e144406a732482.squirrel@mail2.ihtfp.org>
From: Vincent Breitmoser <look@my.amazin.horse>
To: Derek Atkins <derek@ihtfp.com>
In-reply-to: <2439a89a6c4eb70044e144406a732482.squirrel@mail2.ihtfp.org>
Date: Tue, 04 Aug 2015 02:38:50 +0200
Message-ID: <87io8v7uqt.fsf@littlepip.fritz.box>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/siLQXJJErrTS_6qbLI-7QWMEkNA>
Cc: Gregory Maxwell <gmaxwell@gmail.com>, Phillip Hallam-Baker <phill@hallambaker.com>, Peter Pentchev <roam@ringlet.net>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Followup on fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2015 00:38:59 -0000

Maybe I missed an answer to this, but could someone please explain what
the point of finding a collision on a pgp fingerprint is, and why we
need to consider it as an attack scenario in the first plce?

Let's say you spent the (cpu) time, and you now have two different pgp
keys with the same fingerprint.  What do you do with those?

 - V

v2.23.0 | Report a Bug | By Email