ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Keyholder-configurable fingerprint schemes?

2015-11-09 20:19:56
from [brian m. carlson] [Permanent Link] 
On Sat, Nov 07, 2015 at 12:31:43PM +0900, Bryan Ford wrote:

This approach to fingerprint generation has the slightly-odd
(certainly unconventional) property that a single public/private
keypair does not have only one possible, deterministically-computed
fingerprint (i.e., a hash of the public key), but rather may in
principle have many different possible fingerprints (parameterized by
the PoW and the salt that will inevitably be required in that PoW).
This might seem to violate the “fingerprint consistency” property that
was discussed at the meeting.  However, as summarized above, my
perception is that the main fingerprint consistency concern is that we
do not want to subject users to multiple different fingerprints *for a
single key*.  In Christian’s scheme, while any key could “in
principle” have many different fingerprints, as long as the user
generating the key (or the user’s OpenPGP implementation) picks one
particular fingerprint and binds that fingerprint to the key in a
fully verifiable fashion as part of the self-signed public-key record,
the fact that fingerprint-generation is parameterized creates no
user-perceivable fingerprint-consistency issue that I can discern.


I think not having a single unique fingerprint is in general a bad idea.
Earlier discussion on the list reflected wanting to remove creation
timestamps so we had a fingerprint that was consistent and represented
the actual key bits uniquely.  Using a parameterized proof-of-work
scheme defeats that goal.

Furthermore, one of the benefits of elliptic curve algorithms is the
tiny keys.  You could theoretically send an entire EC public key in a QR
code and still get the same fingerprint on both sides.  Including a
proof-of-work makes that impossible.

Finally, there's been a lot of discussion about simplifying the
standard.  This doesn't seem like a move in that direction.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Reducing the meta-data leak, Bryan Ford
Previous by Thread:  Re: [openpgp] Keyholder-configurable fingerprint schemes?, ianG
Indexes:  [Date] [Thread] [Top] [All Lists]