On 7/11/2015 03:31 am, Bryan Ford wrote:
In the OpenPGP meeting, Christian brought up an idea that I thought was
interesting and perhaps deserved further consideration.
Background summary: In the meeting a hum-poll was taken on the “single vs multiple
fingerprints” question, my interpretation of whose result was that we should *not* create a
system that subjects users to juggling multiple, inconsistent fingerprints for the same key (e.g.,
both a SHA-1 and a newer-hash-function-based fingerprint for the same user’s public key).
Definitely. Strong hum.
A “strong interpretation” of that position is we should pick a single new hash function for “new
fingerprints”, and mandate that all keys created with “new signature schemes” (e.g., Ed448) have
fingerprints computed using that new scheme, while leaving the fingerprints of old schemes (e.g., RSA/DSA keypairs)
fingerprinted using the old approach to preserve consistency.
Hmm. In both senses.
A “weaker interpretation” of that position would be that for each new signature scheme
defined for use with OpenPGP, that scheme should also define a suitable fingerprinting scheme to go along
with it, but the fingerprinting scheme may (in principle) vary from one “new” keypair-type to
another provided it remains consistent for any given keypair.
That. The author of the signature scheme has to *select* a fingerprint
scheme. We fully expect that in 2025 we'll be re-doing the signature
scheme, because the old one is crufty and brittle - the same applies to
the fingerprint scheme. The author at the time has the responsibility
and the knowledge to match all the components together to get a good
security across the board.
<loud>HMMM</loud>
I see that the precise results of this hum-poll weren’t precisely captured in Rich’s
meeting minutes - understandable since the precise results (or their proper interpretation) was a
bit fuzzy to me as well and I don’t feel confident either to suggest exactly how that part of
the minutes should be filled in.
thanks. And no, I don't see it as "weaker" but in fact stronger design
principle :)
iang
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp