IETF Logo Mail Archive

Re: [openpgp] Fingerprint schemes versus what to fingerprint

Werner Koch <wk@gnupg.org> Thu, 07 April 2016 06:40 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34E1412D56C for <openpgp@ietfa.amsl.com>; Wed, 6 Apr 2016 23:40:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x70b71ze0MRg for <openpgp@ietfa.amsl.com>; Wed, 6 Apr 2016 23:40:22 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7F0512D56A for <openpgp@ietf.org>; Wed, 6 Apr 2016 23:40:21 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1ao3c2-0005ZA-Rf for <openpgp@ietf.org>; Thu, 07 Apr 2016 08:40:18 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1ao3bd-0005ob-RG; Thu, 07 Apr 2016 08:39:53 +0200
From: Werner Koch <wk@gnupg.org>
To: Bryan Ford <brynosaurus@gmail.com>
References: <43986BDA-010F-4DBF-8989-53E71B74E66A@gmail.com> <20151110021943.GH3896@vauxhall.crustytoothpaste.net> <72665D15-F685-41F6-A477-8E65DBBC5A04@gmail.com>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Bryan Ford <brynosaurus@gmail.com>, openpgp@ietf.org
Date: Thu, 07 Apr 2016 08:39:53 +0200
In-Reply-To: <72665D15-F685-41F6-A477-8E65DBBC5A04@gmail.com> (Bryan Ford's message of "Wed, 6 Apr 2016 15:15:59 -0300")
Message-ID: <87egahvs5i.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/xovkw5iVQH0ZVnIBCtI_T8oR5Ho>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Fingerprint schemes versus what to fingerprint
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 06:40:25 -0000

On Wed,  6 Apr 2016 20:15, brynosaurus@gmail.com said:

> 1. What fingerprint scheme(s) should OpenPGP move to going forward?

A SHA-256 hash of the artificial OpenPGP key packet as we use it right
now.  The open question is whether to 

  - include a creation timestamp,
  - a timestamp but fixed to 0 (as Google End-to-End does),
  - some other static info data to surely separate that fingerprint from
    other protocols fingerprint using the same key (i.e. token based)
  - no creation timestamp

The rationale for SHA-256 is that this is the only fast algorithm on all
platforms.

A related question is how to identify the new fingerprint scheme in
OpenPGP objects which store a fingerprint:

  - Implicit by the length of the fingerprint,
  - or by a prefix byte with the hash algorithm,
  - or by a prefix byte with the key version number,
  - or by a prefix byte with the length of the fingerprint.

All but the first options allow to store a truncated fingerprint in some
object (the forthcoming Issuer-Fpr signature subpacket, the updated
Revocation Key subpacket).  I tend to prefer the second option because
this reflects existing usage:

  5.2.3.25.  Signature Target

   (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash)

The public-key algorithm byte does not make much sense, though.

> 2. What exactly should the OpenPGP “application” fingerprint with that scheme?
>
> To clarify, I propose to define a “fingerprint scheme” as an algorithm
> that takes a raw octet string and produces an ASCII string of some

You describe how a fingerprint is presented to the user.  This has been
out of scope for OpenPGP.  Implementations have settled for a de-facto
standard outside of the protocol.  I think we should keep it this way
and at best give only a suggestion for a human readable format.

Humans are bad at comparing fingerprints; this should in general be left
to the software and additional protocols to establish a connection
between an identity and a key/fingerprint.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

v2.23.0 | Report a Bug | By Email