ietf-openpgp

Re: [openpgp] Followup on fingerprints

2015-08-06 21:06:43
On 7/08/2015 02:20 am, Phillip Hallam-Baker wrote:


On Thu, Aug 6, 2015 at 3:19 PM, Daniel Kahn Gillmor
<dkg(_at_)fifthhorseman(_dot_)net> wrote:

    On Thu 2015-08-06 12:12:48 -0400, Nicholas Cole wrote:
    > There's actually just a more basic, practical problem. Most gpg tools
    > assume unique fingerprints. Is it even possible to specify one key rather
    > than another if both have the same fingerprint?

    but what are the consequences of this?  If there's a specifically
    troubling scenario that puts other people at risk, we should be able to
    describe it.

    If there isn't, then this suggests that actually using two keys with the
    same fingerprint is a problem only for the person who holds the two
    keys, right?

    But that person has an easy (much cheaper in fact) way to proceed
    without the problem: don't make a fingerprint collision in the first
    place!


Dan,

The problem is that the person who is potentially at risk is not the key
holder but the relying party who verifies the key.

As with 'Domain Separation' it is a case where most of us prefer to be
conservative unless there is a good reason to try the bleeding edge.
Doubling the length of a printed fingerprint is clearly a problem.
Having a big internal fingerprint isn't.

Here, 100, 125 or 150 bits seem fine for a printed fingerprint and 256
bits is comfortable for an internal one. Do we really need to go
further? My original goal was to avoid having to go into this
explanation at last call.


Are we arguing about a shortened internal identifier for the key? That's easy. The full hash, please.



iang

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp