Given the SHA-1 break, Could we return to the V5 fingerprint discussion?
The issue we are seeing the the SHA-1 break is that a LOT of software is
based on the assumption that SHA-1 is unique. And this is causing software
to crash in real world applications.
Thanks for reviving this discussion. While as I previously stated your
proposal for the new fingerprint format still looks good to me, I don't
agree that this newest break against SHA-1 is grounds for alarm.
Note, software does not require a hash break to crash, it's perfectly
capable of doing that even if the hash algorithm is sound. I remember a
story of some app crashing because someone reused the key material from the
primary key as a subkey packet, so the subkey and primary would have shared
their fingerprint regardless of the hash used. This is just something apps
will have to deal with no matter what; the only thing that's different from
a few days ago is that bugs like this may just have become a lot easier to
reproduce.
Until I see evidence to the contrary, I'm going to assume the sky is not
falling. Not this week.
However, there certainly are some interesting avenues of investigation in
light of this recent discovery:
1) Should we deprecate SHA1 in signatures? (Or did we already?)
2) How does SKS handle disambiguation? If I submit different keys with
matching fingerprints at different endpoints in the sync network, how will
those keys propagate to the other nodes?
3) Does GnuPG have any way to disambiguate? Do the different automatable
interfaces expose this capability?
I'd say question 1 is the most pressing of the tree, and it's also the one
question we could answer at the standards level. If we manage to make a
decision on that, we're definitly on the right track w.r.t. letting go of
SHA1. (Hint: the answer should be "yes.")
-Thijs
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp