Re: [openpgp] Fingerprints
ianG <iang@iang.org> Thu, 07 May 2015 12:09 UTC
Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 839D81A8845 for <openpgp@ietfa.amsl.com>; Thu, 7 May 2015 05:09:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id npE3L2gsn5no for <openpgp@ietfa.amsl.com>; Thu, 7 May 2015 05:09:28 -0700 (PDT)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E03541A886A for <openpgp@ietf.org>; Thu, 7 May 2015 05:09:27 -0700 (PDT)
Received: from tormenta.local (iang.org [209.197.106.187]) by virulha.pair.com (Postfix) with ESMTPSA id 693216D826; Thu, 7 May 2015 08:09:26 -0400 (EDT)
Message-ID: <554B55F5.1060307@iang.org>
Date: Thu, 07 May 2015 13:09:25 +0100
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: openpgp@ietf.org
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com> <87d232lkb6.fsf@alice.fifthhorseman.net> <sjmlhhmakxp.fsf@securerf.ihtfp.org> <871tiupupe.fsf@littlepip.fritz.box> <1430869683.28399.109.camel@scientia.net> <CAMm+LwgE0eOD1JgLYUwA_4Gh+pm-vGGd9hPX9KoUqQ9=RHBygg@mail.gmail.com> <1430937492.28399.127.camel@scientia.net> <CAMm+Lwh2J6mMuDouc1PtBpfTU5Pcwj=+KNDehi6nwRabivoOrg@mail.gmail.com>
In-Reply-To: <CAMm+Lwh2J6mMuDouc1PtBpfTU5Pcwj=+KNDehi6nwRabivoOrg@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/wQCQlZosRis4MDXKT7yr6WJF8cI>
Subject: Re: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 May 2015 12:09:30 -0000
+1 on PHB's plan. On 6/05/2015 21:38 pm, Phillip Hallam-Baker wrote: > On Wed, May 6, 2015 at 2:38 PM, Christoph Anton Mitterer >>> We do not even need to decide on a strength. Just make is so that the >>> number of significant bits is however many bits that are provided. We >>> can all use SHA-2-512 or SHA-3-512 and truncate to 125, 150, 250... >>> bits as the application requires. >> I'm a bit sceptical about that... I think we rather should specify some >> lengths/format and at least not encourage implementations to choose what >> they think would be enough (cause then we have folks like GNOME which >> take the first and last byte or so *grin*) For b-cards and so forth it isn't nearly as important to specify a length or strength for security reasons. People can roll their own business cards any time they want to change, and often they want something shorter so that it fits nicely. This is a manageable risk. > If we are using Base32 and character groups of 5 characters (7-2 > rule), the keys naturally come in 25 bit increments. > > A 125 bit fingerprint has 117 bits and looks like this: > MFRTK-NJSMF-STOMR-WG5ST-ONZXGA > > If we go for 150 bits we get: > MFRTK-NJSMF-STOMR-WG5ST-ONZXGA-YDKZB Concur - this is good. It also nicely skips 160 bits, so we can even imply the new hash from the length. > In 'under the covers' applications the user does not need to see, I > would hope we would support use of the 256 bit or full 512 bit > fingerprint. I would also hope we can use the possibility of an online > store to 'stretch' a fingerprint. If the user types in a 25 character > fingerprint, the system can get the rest off a key service. Right, under the hood, use the full hash. Why muck around? iang
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Werner Koch
- [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Tom Ritter
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel A. Nagy
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Stephen Paul Weber
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints David Shaw
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel Kahn Gillmor
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Designated Revokers Vincent Breitmoser
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Daniel Ranft
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel A. Nagy
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] [eX-bulk] : Re: Fingerprints Christopher LILJENSTOLPE
- Re: [openpgp] [eX-bulk] : Re: Fingerprints Christopher LILJENSTOLPE
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- [openpgp] [RFC4880bis PATCH] Deprecate "Revocatio… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Neal H. Walfield
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Werner Koch
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… vedaal
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Paul Wouters
- Re: [openpgp] [Suspected Junk Mail] Re: [RFC4880b… vedaal
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [Suspected Junk Mail] Re: [RFC4880b… Daniel Kahn Gillmor