ietf-openpgp

Re: [openpgp] Keyholder-configurable fingerprint schemes?

2015-11-08 05:09:17
On 7/11/2015 03:31 am, Bryan Ford wrote:
> In the OpenPGP meeting, Christian brought up an idea that I thought was interesting and perhaps deserved further consideration.
>
> Background summary:  In the meeting a hum-poll was taken on the “single vs multiple fingerprints” question, my interpretation of whose result was that we should *not* create a system that subjects users to juggling multiple, inconsistent fingerprints for the same key (e.g., both a SHA-1 and a newer-hash-function-based fingerprint for the same user’s public key).

Definitely.  Strong hum.

> A “strong interpretation” of that position is we should pick a single new hash function for “new fingerprints”, and mandate that all keys created with “new signature schemes” (e.g., Ed448) have fingerprints computed using that new scheme, while leaving the fingerprints of old schemes (e.g., RSA/DSA keypairs) fingerprinted using the old approach to preserve consistency.

Hmm.  In both senses.

> A “weaker interpretation” of that position would be that for each new signature scheme defined for use with OpenPGP, that scheme should also define a suitable fingerprinting scheme to go along with it, but the fingerprinting scheme may (in principle) vary from one “new” keypair-type to another provided it remains consistent for any given keypair.

That. The author of the signature scheme has to *select* a fingerprint scheme. We fully expect that in 2025 we'll be re-doing the signature scheme, because the old one is crufty and brittle - the same applies to the fingerprint scheme. The author at the time has the responsibility and the knowledge to match all the components together to get good security across the board.

<loud>HMMM</loud>

> I see that the precise results of this hum-poll weren’t precisely captured in Rich’s meeting minutes - understandable since the precise results (or their proper interpretation) were a bit fuzzy to me as well and I don’t feel confident either to suggest exactly how that part of the minutes should be filled in.

Thanks. And no, I don't see it as "weaker" but in fact a stronger design principle :)

iang
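
The "weaker interpretation" discussed in the message above, sketched as an added example that is not part of the original message or of any OpenPGP specification: the key's own algorithm octet selects exactly one fingerprint scheme, so no key ever has two fingerprints. The v4 SHA-1 construction follows RFC 4880 section 12.2; the use of algorithm ID 100 (private/experimental range) for a "new" scheme, its SHA-256 fingerprint, and the key material and timestamp are assumptions constructed for illustration.

```python
import hashlib
import struct

# Public-key algorithm IDs from RFC 4880 section 9.1.
RSA, DSA = 1, 17
# ID 100 is in the private/experimental range; here it stands in for a
# hypothetical "new" signature scheme (assumption for this example).
NEW_SCHEME = 100


def v4_sha1(body: bytes) -> bytes:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-octet length, packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def new_sha256(body: bytes) -> bytes:
    """Hypothetical scheme chosen by the new algorithm's author (assumption)."""
    return hashlib.sha256(b"\x99" + struct.pack(">H", len(body)) + body).digest()


# Each key type names exactly one scheme, so a key never has two fingerprints.
FINGERPRINT_SCHEME = {RSA: v4_sha1, DSA: v4_sha1, NEW_SCHEME: new_sha256}


def make_body(algo: int, material: bytes, created: int = 1446958157) -> bytes:
    """Build a version 4 key packet body; the default timestamp is constructed."""
    return struct.pack(">BIB", 4, created, algo) + material


def fingerprint(body: bytes) -> bytes:
    """Select the fingerprint scheme from the key's own algorithm octet."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    scheme = FINGERPRINT_SCHEME.get(body[5])
    if scheme is None:
        raise ValueError(f"no fingerprint scheme registered for algorithm {body[5]}")
    return scheme(body)


if __name__ == "__main__":
    # Constructed key material, not real MPIs or curve points.
    for algo in (RSA, NEW_SCHEME):
        print(algo, fingerprint(make_body(algo, b"constructed-key-material")).hex())
```

An implementation that meets an algorithm with no registered scheme fails closed here instead of falling back to a second fingerprint for the same key.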
