IETF Logo Mail Archive

Re: V5 key packet format requirements

nagydani@epointsystem.org (Daniel A. Nagy) Fri, 03 February 2006 19:07 UTC

Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F56Gw-0005Tg-54 for openpgp-archive@megatron.ietf.org; Fri, 03 Feb 2006 14:07:08 -0500
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA29803 for <openpgp-archive@lists.ietf.org>; Fri, 3 Feb 2006 14:05:10 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k13IpLlk078182; Fri, 3 Feb 2006 10:51:21 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id k13IpLo6078181; Fri, 3 Feb 2006 10:51:21 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k13IpKVA078173 for <ietf-openpgp@imc.org>; Fri, 3 Feb 2006 10:51:20 -0800 (PST) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id 373592B47D5; Fri, 3 Feb 2006 19:51:19 +0100 (CET)
Date: Fri, 03 Feb 2006 19:51:19 +0100
To: Konrad Rosenbaum <konrad@silmor.de>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: V5 key packet format requirements
Message-ID: <20060203185119.GB2064@epointsystem.org>
References: <20060202160713.GB18144@epointsystem.org> <43E3443D.90609@algroup.co.uk> <43E3882C.8060607@systemics.com> <200602031909.10133@zaphod.konrad.silmor.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <200602031909.10133@zaphod.konrad.silmor.de>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Fri, Feb 03, 2006 at 07:09:06PM +0100, Konrad Rosenbaum wrote:

> Consequently one would also need to scrap the logic that a signature is 
> invalid if it predates the key (that's somewhere in RFC2440).

I disagree. I'm merely advocating moving the key creation time into the self
signature, which is the only obstacle to forgery anyway:

If you give me a signed document that predates the key along with that key,
I can change the date in the key, re-calculate the hash, change the
reference to the key in the signature and voila, I have a valid signature,
without access to any private info. The only thing stopping me is the
self-signature on the key, which also hashes the key creation date. So, that
self-signature is the real cryptographic protection, not the reference in the
document signature. Thus, one does not reduce security a bit by moving the key
creation date into the self-signature. That is where it belongs.
 
> Why not: hash the _complete_ public key packet _as_is_ without any 
> modifications? 
>
> The computational load of hashing a few bytes more and of slicing them first 
> should be about identical.
>
> It is very easy to implement (read as: less potential security holes through 
> programming mistakes and higher interoperability).
> 
> It is much more resistant against upcoming attacks than a selective model.

I agree. This is why I am calling for throwing the key creation date out
of the key packet. The key packet should only contain an algorithm identifier,
the key material and possibly deterministic functions thereof.

-- 
Daniel

v2.23.0 | Report a Bug | By Email