On Sun, Jan 16, 2005 at 12:04:37PM +0100, Simon Josefsson wrote:
This seems like a good solution. Will there ever be a need to have
key id's of different length than 4, 8, 16 and 20 bytes? The BNF now
reads:
id := 4*HEXDIG / 8*HEXDIG / 32*HEXDIG / 40*HEXDIG
And I'm not certain it is a good idea to allow the flexibility of
id := *HEXDIG
I like the simplicity and flexibility of this. The key ID field is a
message from the OpenPGP user to the world. Specifying that the ID
must be a particular length doesn't really help anyone, since it is up
to the recipient to decide how the key ID is going to be handled
anyway. Plus, someday we'll have a v5 key. Chances are it won't be
40 hex digits long.
Thanks for this input. I have been trying to understand why
algo/size/created are needed, but nobody has been able to explain it
to me.
The reason was supposedly that with v3 keys, you subject to something
called the 0xDEADBEEF attack, where I infer that keys can be created
easily with any given key id. The attack is not possible with v4
keys. Someone said the attack is harder for v3 keys if you also
compare the key size, key algorithm and creation time.
There are actually two different attacks. It is trivial to create a
V3 key with any key ID you like. That's the 0xDEADBEEF attack. There
is a different attack altogether (but lacking a catchy name), which is
against the V3 fingerprint. Since the V3 fingerprint consists of the
RSA values n and e, but not their lengths, you can do tricks with
'sliding' bits from one into the other. The end result is a
constructed V3 key with the same fingerprint as the 'victim' V3 key.
The trick is that such a constructed key will always have a different
size than the original key.
Without understanding the motivation for size/algo/created, I'm in
favor of dropping them.
Even understanding the motivation, I'm in favor of dropping them. V3
keys are deprecated. If someone desperately needs to use V3 keys, and
desperately needs to include their key size in the OpenPGP header to
foil this attack, well, there is already a way to include arbitrary
free-text comments in the header.
David