Re: [openpgp] Proposed text for V5 fingerprint
Phillip Hallam-Baker <phill@hallambaker.com> Mon, 19 September 2016 13:24 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/voQl3LeFEBl2QkGtg-UMyYhOe8w>
On Mon, Sep 19, 2016 at 6:36 AM, Thijs van Dijk <schnabbel@inurbanus.nl> wrote:

> On 17 September 2016 at 23:43, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
>
>> The only thing that forces a change of VersionID is a change in digest
>> algorithm. Which is probably the thing that would lead to a V6 format
>> anyway.
>
> That's a good point. In fact, I'll hazard a guess and say that that's
> likely to be the only event to warrant a key version bump.

Yep, if it wasn't for the fact that we need to get rid of the issue time and use SHA2 and Base32, maybe we wouldn't be doing it now. I hope OpenPGPv6 won't need to rev the format.

>> I think we should kill fingerprints with a work factor of less than 2^92
>> as unsafe. No matter what, they just keep coming back and biting in bad
>> ways.
>
> Fair enough.
> At the other end of the spectrum, do you have any thoughts on what we can
> consider the "full" fingerprint? This scheme has an implied maximum length
> of 500 bits (the largest multiple of 25 less than 512+8). Apart from
> specifying a minimum (100 bits), do you think we should make a
> recommendation for what is an appropriate level of assurance? (E.g. 250
> bits - 10 groups of 5 base32 characters, similar in size and grouping to V4
> fingerprints.)

I think that for virtually all purposes, a 50+9 character (i.e. 2^242 work factor) fingerprint is sufficient. I don't see more being useful unless you are really keen on keeping the full 256WF of AES-256.

This is a manageable length for configuration files (looking at you SSH).

So yesterday, I was working on an IoT project to develop a secure means of controlling the garage door etc. on the house. The config file looks like:

    Remote1 = M5VWK-ZTIO5-WGWZL-GNRVX-OZLGN-RVXOZ-LGNJW-GW53K-MVTGY-2LKNR
    Remote2 = MF3WU-23FNR-VWU4L-XMVTG-Y23RN-J3WK3-DGNNY-XO3DL-MVTGU-3DLOF
    ...

In this case the remote is currently a Teensy 3.2 device ($12) that has a 32 bit processor and so I am using public key (cos I can). But I might well want to use a Kerberos type approach and a cheaper CPU (Arduino Nano, $1.30) instead. I can still use the same approach to authenticate and authorize the remote.

Note that the configuration file does not need to specify the type of key because that will be specified when the public portion of the key is presented. Whether that is a Curve25519 key or a Kerberos ticket, the message that presents the public key will specify what it is.

I could well see the same approach for SSH authorized_keys files. In fact my project for this morning/week is to get something like this working:

    mesh M5VWK-ZTIO5-WGWZL-GNRVX-OZLGN-RVXOZ-LGNJW-GW53K-MVTGY-2LKNR
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0KJDLOiiXj9XdMxiCT9Kv ... (5000 chars)..
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAywWhrwq4FjHt+UuwZcZ ... (5000 chars)..

The first line is the actual trust anchor which is a fingerprint of a master key of a mesh profile. This is a long term (100 year) key and is not expected to change.

The next two lines are keys that have been fetched from the mesh and are the latest SSH keys for the two devices the user has connected to that profile for SSH use.

The equivalent for OpenPGP would be to manually edit your keyring. In this case Carol enters the following:

    alice@example.com M5VWK-ZTIO5-WGWZL-GNRVX-OZLGN-RVXOZ-LGNJW-GW53K-MVTGY-2LKNR
    bob@example.com MF3WU-23FNR-VWU4L-XMVTG

When a mail from Bob is received, the mail client updates its copy of the keyring with the strengthened fingerprint:

    alice@example.com M5VWK-ZTIO5-WGWZL-GNRVX-OZLGN-RVXOZ-LGNJW-GW53K-MVTGY-2LKNR
    bob@example.com MF3WU-23FNR-VWU4L-XMVTG-Y23RN-J3WK3-DGNNY-XO3DL-MVTGU-3DLOF

> Apart from this, you'll be glad to know that I've kicked the tyres of this
> proposal about all I can, and I like it a lot. Eagerly awaiting someone
> else to chime in at this point.

Thanks for doing so.
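The keyring update described in the message above (a short pinned fingerprint replaced by the 50+9 character form once a presented key matches it), as an added example that is not part of the original message or of the proposed V5 text. It assumes the fingerprint is base32 over one version byte followed by SHA-512 of the key bytes; the function names and the version value used when calling them are hypothetical.

```python
import base64
import hashlib
import hmac

GROUP = 5         # base32 characters per group = 25 bits
MIN_GROUPS = 4    # the 100-bit minimum mentioned in the thread
FULL_GROUPS = 10  # 250 bits: the 50+9 character form

class PinMismatch(Exception):
    """Presented key does not extend the pinned fingerprint."""

def fingerprint(version_id: int, key: bytes, groups: int = FULL_GROUPS) -> str:
    # Assumed construction: 1 version byte + SHA-512(key) = 520 bits,
    # base32-encoded and truncated to whole 5-character groups (max 20).
    if not MIN_GROUPS <= groups <= 20:
        raise ValueError("groups must be between 4 and 20")
    raw = bytes([version_id]) + hashlib.sha512(key).digest()
    text = base64.b32encode(raw).decode("ascii")[: groups * GROUP]
    return "-".join(text[i:i + GROUP] for i in range(0, len(text), GROUP))

def normalize(fp: str) -> str:
    # Strip the dashes and reject anything that is not whole base32 groups.
    text = fp.replace("-", "").strip().upper()
    if len(text) % GROUP or set(text) - set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"):
        raise ValueError("not a grouped base32 fingerprint")
    return text

def strengthen(pinned: str, version_id: int, key: bytes) -> str:
    """Return the fingerprint to store once `key` is checked against the pin."""
    pin = normalize(pinned)
    if len(pin) < MIN_GROUPS * GROUP:
        raise ValueError("pin is below the 100-bit minimum")
    # Never store something shorter than what the user already pinned.
    groups = max(FULL_GROUPS, len(pin) // GROUP)
    full = fingerprint(version_id, key, groups)
    if not hmac.compare_digest(normalize(full)[: len(pin)], pin):
        raise PinMismatch("key does not match pinned fingerprint")
    return full
```

A keyring entry is only ever replaced by the return value of `strengthen`, so a key whose fingerprint does not begin with the pinned groups never displaces the pin.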