At 09:53 AM 12/06/1997 +0000, Ian Grigg wrote:
Hmmm. True, a very good point, a test would be needed. Maybe it should
only be supported in text mode ('t' flag on?), or maybe there should be
a magic number within. If it was only in test mode, then binaries could
be done by armouring (or whatever) inside.

Binary's fine, if the Symmetrically Encrypted Data Packet contains
a Compressed Data Packet or Literal Data Packet or Signature Packet
or OnePass Signature Packet or other recognizable PGP form.
Another option is to only check the "default" key,
though the default key is really an artifact of the user interface
rather than something OPGP needs to know about.

Another problem is that most PGP implementations will treat the keys on
the rings in a simple fashion, so the first implementations of the
Zeroes feature are likely to ask the user for *all* the keys in
succession ... <blech>.

Boring, eh? But most people don't have too many secret keys,
so it isn't really that much slower, and you can skip any keys
that aren't the right length to match the encrypted session key.
(E.g. if the ESK is 1024 bits long, you can skip that 2047-bit
signature-only key and your 512-bit regular-use key.
It's probably a good idea for people who are this paranoid to
use standard length keys, probably 1024, since that
1984-bit key is somewhat of a giveaway.)

I wouldn't even make it SHOULD as it will be quite difficult to get
right, from the comments above. MAY is fine by me.

Agreed, especially since you can do it with wrappers and not need
to trouble the OPGP implementation directly.
MAY accept KeyID 0, and MAY generate KeyID 0 instead of a real key,
and if you send a KeyID 0 to somebody who you don't know has it,
you should expect to lose. I suppose Notation Subpackets
aren't a bad place to indicate that you support KeyID 0.

As a side-effect, would we add "An implementation SHOULD treat KeyID of
all zeroes as a reserved and/or bad key?" What is the source and
semantics of a KeyID of zero? Presumably it must happen as keyservers
are worried about clashes, so should a key that generates with this be
considered a bad key?

The probability of generating a key with KeyID of 0 is 2**-64.
It could happen by accident, though it probably won't, and worst case is
the lucky user of such a key will just have to check all messages
sent to him that have KeyID 0 against all his keys.
Annoying, but no loss of functionality.
Thanks!
Bill
Bill Stewart, stewarts(_at_)ix(_dot_)netcom(_dot_)com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
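
The key-skipping step discussed in this message, as an added example that is not part of the original thread: given an encrypted session key (ESK) sent under KeyID 0, it picks the secret keys worth a trial decryption by comparing the ESK's MPI bit count with each key's modulus length. The function names, the keyring layout and the `slack_bits` tolerance are assumptions of this sketch, and the keyring and ESK value are constructed.

```python
import struct

WILDCARD_KEYID = bytes(8)  # KeyID of all zeroes: the recipient is not named

def make_mpi(value):
    """Encode an integer as an OpenPGP MPI (2-byte bit count, then the bytes)."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def mpi_bits(buf):
    """Return the declared bit count of an MPI after checking it is well formed."""
    if len(buf) < 2:
        raise ValueError("truncated MPI header")
    (bits,) = struct.unpack_from(">H", buf)
    body = buf[2:2 + (bits + 7) // 8]
    if len(body) != (bits + 7) // 8 or int.from_bytes(body, "big").bit_length() != bits:
        raise ValueError("malformed MPI")
    return bits

def candidate_keys(keyid, esk_mpi, keyring, slack_bits=16):
    """Secret keys worth a trial decryption, in keyring order.

    A named KeyID selects that key only. For KeyID 0, keep keys whose modulus
    is at least as long as the ESK (an RSA ciphertext is smaller than the
    modulus) and at most slack_bits longer (the ciphertext may have a few
    leading zero bits). slack_bits is an assumption of this sketch.
    """
    esk_bits = mpi_bits(esk_mpi)
    if keyid != WILDCARD_KEYID:
        return [k for k in keyring if k["keyid"] == keyid]
    return [k for k in keyring
            if esk_bits <= k["modulus_bits"] <= esk_bits + slack_bits]

# Constructed keyring: names, KeyIDs and sizes are made up for illustration.
KEYRING = [
    {"name": "sign-only", "keyid": bytes.fromhex("1111111111111111"), "modulus_bits": 2047},
    {"name": "regular", "keyid": bytes.fromhex("2222222222222222"), "modulus_bits": 512},
    {"name": "private", "keyid": bytes.fromhex("3333333333333333"), "modulus_bits": 1024},
]

if __name__ == "__main__":
    esk = make_mpi((1 << 1023) | 0xC0FFEE)  # constructed 1024-bit ESK value
    for key in candidate_keys(WILDCARD_KEYID, esk, KEYRING):
        print("try passphrase for:", key["name"])
```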