Ooops, forgot to reassert the bit....
</proto-hat off>
On 6 May 2015, at 11:33, Christopher LILJENSTOLPE wrote:
<proto-hat off>
On 6 May 2015, Werner Koch wrote:
To be future proof we should get away from SHA-1 for fingerprints
and use SHA-256 (or SHA-512) instead.
I have no quarrel with changing the hash algo. If it improves security
at no cost of usability or complexity - go for it.
The external representation and even the internal use in OpenPGP is a
different issue and I am all in favor for truncating it to 32 bytes
for internal use and printing only up to 20 bytes. This avoids extra
work and SHA-256 is anyway required.
Sounds good to me. I'm just afraid that if "something stronger" is
available, people are going to use it. Design decisions and established
culture on top of the standard tend to be maximum conservative. Sort of
if you don't use the "full fingerprint" you're not doing "everything you
can" and people will use all 32 bytes no matter if it was ever intended
that way. That's not a huge deal, we just need to keep it in mind.
I would leave the fingerprint length at 20 bytes in the standard, if an
implementation chooses to use more internally that's up to them.
Defining the fingerprint to be 32 bytes, then adding "for printing, it
SHOULD be truncated to 20 bytes" seems silly.
I think this is a reasonable approach. The phrasing I would use would be
something along the lines of:
Any implementation MUST accept a 20 byte fingerprint for validation,
consisting of the first 20 bytes of the calculated fingerprint.
An implementation MAY output, or accept, a longer fingerprint, if desired.
An implementation MAY output, or accept, the legacy SHA-1 fingerprint, for
interoperability, but it's use SHOULD be discouraged.
The use of RFC 4648 would make things easier, btw, and also signal the new
fingerprint model.
The concept will be familiar to anyone who uses git, btw.
Christopher
- V
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
--
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase:
https://keybase.io/liljenstolpe_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
--
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe
smime.p7s
Description: S/MIME digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp