On Mon 2019-08-26 02:19:12 -0500, Benjamin Kaduk wrote:
On Thu, Aug 22, 2019 at 06:01:23PM -0400, Daniel Kahn Gillmor wrote:
Note that this only works if there is a well-established convention
about what digest algorithm to use. I don't want to keep a SHA256 and a
SHA512 and a blake2b index of all the certifications i know about. Note
also that SHA256 isn't used here for strong cryptographic purposes --
it's just a hash table indexer.
This sounds an awful lot like (my understanding of) what PHB's UDF [1]
(uniform data fingerprint) is supposed to be. Sadly, I've not had time
yet to give it a proper read...
[1] https://tools.ietf.org/html/draft-hallambaker-mesh-udf
I don't think that this is the same thing as i'm proposing above -- my
understanding is that PHB's UDF is intended to have some level of
cryptographic resilience -- to collisions at least, and maybe to
pre-images in some contexts.
In the scheme i've proposed above, the digest is simply used to find a
certification in an index. It could conceivably be non-unique, even,
since the verification is expected to be done over the full underlying
certification data. (i.e. it's an index to a non-keyed hashtable)
To avoid malicious attacks against the efficiency of the non-keyed
hashtable (e.g. if we used CRC32, an adversary could flood the user with
certifications that produce identical checksums, reducing them to linear
search), we probably *do* want it to be collision-resistant, but it's
not going to need the same level of cryptographic rigor that we'd need
for a fingerprint, where the fingerprint itself is used to prove
identity of data.
--dkg
signature.asc
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp