Re: [openpgp] Fingerprints and their collisions resistance
Andrey Jivsov <openpgp@brainhub.org> Thu, 03 January 2013 22:33 UTC
Return-Path: <openpgp@brainhub.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BE7221F8DD4 for <openpgp@ietfa.amsl.com>; Thu, 3 Jan 2013 14:33:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.437
X-Spam-Level:
X-Spam-Status: No, score=-0.437 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sd1DKhXoCr6L for <openpgp@ietfa.amsl.com>; Thu, 3 Jan 2013 14:33:56 -0800 (PST)
Received: from qmta12.emeryville.ca.mail.comcast.net (qmta12.emeryville.ca.mail.comcast.net [IPv6:2001:558:fe2d:44:76:96:27:227]) by ietfa.amsl.com (Postfix) with ESMTP id DEC5521F8DCB for <openpgp@ietf.org>; Thu, 3 Jan 2013 14:33:55 -0800 (PST)
Received: from omta17.emeryville.ca.mail.comcast.net ([76.96.30.73]) by qmta12.emeryville.ca.mail.comcast.net with comcast id jYow1k0071afHeLACaZvRo; Thu, 03 Jan 2013 22:33:55 +0000
Received: from [192.168.1.8] ([69.181.162.123]) by omta17.emeryville.ca.mail.comcast.net with comcast id jaZk1k00A2g33ZR8daZuP3; Thu, 03 Jan 2013 22:33:55 +0000
Message-ID: <50E60748.3040103@brainhub.org>
Date: Thu, 03 Jan 2013 14:33:44 -0800
From: Andrey Jivsov <openpgp@brainhub.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120605 Thunderbird/13.0
MIME-Version: 1.0
To: openpgp@ietf.org
References: <50E530D6.6020609@brainhub.org> <50E5494E.6090905@iang.org>
In-Reply-To: <50E5494E.6090905@iang.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20121106; t=1357252435; bh=ddLeS+KzB2k9VU1sTv4oixy6ePHJOBb/61IDzPMFoWA=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=UaSNv5QJabsE0qmyFCnQpWFM3R0Ljjs6Q0Mhw53H9WjY96cmUjyHGZfvc+Q/vx0Zm /Q4+rmezKQqhHBjt+Lmz3wJcAL/8tG5j3g66iGQN7rT1Ip+v8G+FZbw7kxZna7uOTU sF417lu4kycDtdzZkyJcn9a18KuYG12EYMaBshFkIUgyxDYXALBBCPET5kW4kpfSYq f7A0AhQJmC/A28LF7jM7uEr75ycXP0obALkgSpFqWFH4Ob261tTfTLC0K1Woit9s4b GkEhQAol31DDn+/tK2TR03KwUaZWuTo+pAyX5kiBm9+v98QpHJi7sH/pPMwnmd8dE0 93r7xYMqQxLWQ==
Subject: Re: [openpgp] Fingerprints and their collisions resistance
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jan 2013 22:33:56 -0000
On 01/03/2013 01:03 AM, ianG wrote: ... > Now that SHA-3 is settled, it seems reasonable to clean out all of the > SHA-1s. > ... > > On another related point - have the MD numbers been allocated for SHA3 > in its various guises? In the process of writing such a draft I noticed that the only place in OpenPGP where SHA1 is used in collision resistance sensitive way without the possibility to change it is fingerprints. For this reason OpenPGP fingerprints stand out because these are the data structures that technically make (or soon will make) RFC 4880 non-compliant with recognized standards. I would separate the issue of fingerprints depending on known SHA1 weaknesses from any other task that can be categorized as "OpenPGP V5". Speaking of the Keccak in OpenPGP draft, I thought that it would be important to gather the feeling about the path of fixing the fingerprints. These issues are more dependent as seems. For example, if you have to use SHA-3-384 for fingerprints, it affects the decisions about SHOULDs for hashes elsewhere. I have this Keccak in OpenPGP darft written, waiting to for the NIST to publish SHA-3 and the OIDs assigned.
- [openpgp] Fingerprints and their collisions resis… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… ianG
- Re: [openpgp] Fingerprints and their collisions r… Nicholas Cole
- Re: [openpgp] Fingerprints and their collisions r… Jon Callas
- Re: [openpgp] Fingerprints and their collisions r… Arturo 'Buanzo' Busleiman
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… Tony Hansen
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… Werner Koch
- Re: [openpgp] Fingerprints and their collisions r… Daniel Kahn Gillmor
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… Daniel Kahn Gillmor
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… ianG
- Re: [openpgp] Fingerprints and their collisions r… ianG
- Re: [openpgp] Fingerprints and their collisions r… ianG
- Re: [openpgp] Fingerprints and their collisions r… Christian Aistleitner
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… jbar
- Re: [openpgp] Fingerprints and their collisions r… Christian Aistleitner
- Re: [openpgp] Fingerprints and their collisions r… Daniel Kahn Gillmor
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… ianG
- Re: [openpgp] Fingerprints and their collisions r… Jon Callas
- Re: [openpgp] Fingerprints and their collisions r… Werner Koch
- Re: [openpgp] Fingerprints and their collisions r… Daniel Kahn Gillmor
- Re: [openpgp] Fingerprints and their collisions r… Jon Callas
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… Andrey Jivsov
- Re: [openpgp] Fingerprints and their collisions r… Werner Koch
- Re: [openpgp] Fingerprints and their collisions r… Werner Koch
- Re: [openpgp] Fingerprints and their collisions r… Bill Frantz
- Re: [openpgp] Fingerprints and their collisions r… Jon Callas
- Re: [openpgp] Fingerprints and their collisions r… Nicholas Cole
- Re: [openpgp] Fingerprints and their collisions r… ianG