ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Fingerprints

2015-04-10 09:01:44
from [Werner Koch] [Permanent Link] 
On Fri, 10 Apr 2015 15:23, phill(_at_)hallambaker(_dot_)com said:


There is no need to have an algorithm field, a version field is
sufficient because we should only be using one algorithm at a given


Right.  However an algorithm field is as good as a version field because
they have the same purpose in this context.  An algorithm field saves us
a mapping to the actual algorithm.  Recall that OpenPGP uses an
one-octet indentifier and not an OID.


time. There is no need for a length field either.


Agreed.

It is often useful to have a keyid to quickly (but insecure) refer to a
key.  I suggest to take it from the fingerprint bytes 1 to 4 (ignoring
the algorithm byte).  There is no need for a long keyid.  However, we
may also suggest a use like in git where you may abbreviate it as you
like - however the keyid should be non-normative because the protocol
should not make any use of it.


I am also using SHA512 and truncating to 128 bits, then base 32
encoding. The rationale for this is


Because there are several versions of BASE-32 I suggest the use of
z-base-32 which is used by Tahoe-LAFS and ZRTP.  The truncation length of
the hash should be match a best match for the base 32 encoding.


* Fingerprints are the root of trust, there is an outside chance that
SHA-2-256 might be broken but breaking SHA-2-512 truncated to 256 bits
is a lot harder because it has 80 rounds rather than 64.


I think that should be discussed in the context of the new default hash
algorithm.



The bit that will probably be controversial is how I am calculating
them, over an X.509v3 KeyInfo block. There is method to the madness


X.509 has no definition for a fingerprint but OpenPG already uses a well
defined method to compute the fingerprint.  You can't compare the two
protocols or define a unique fingerprint method.


If people really can't stomach ASN.1 code then we could do some other
key format. But the problem then becomes having to specify how to


We want to do an rfc4880bis and not an entire new protocol.  Thus any
ASN.1 encoding is not an option.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [openpgp] Fingerprints, Phillip Hallam-Baker
Next by Date:  Re: [openpgp] OpenPGP private certification, Werner Koch
Previous by Thread:  [openpgp] Fingerprints, Phillip Hallam-Baker
Next by Thread:  Re: [openpgp] Fingerprints, Derek Atkins
Indexes:  [Date] [Thread] [Top] [All Lists]