From glind98@gmail.com Thu Jul 26 12:13:03 2012 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07C1421F85A8 for ; Thu, 26 Jul 2012 12:13:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.598 X-Spam-Level: X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EEnHDbPdkYDD for ; Thu, 26 Jul 2012 12:13:02 -0700 (PDT) Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 6E15021F8530 for ; Thu, 26 Jul 2012 12:13:02 -0700 (PDT) Received: by vbbez10 with SMTP id ez10so2123376vbb.31 for ; Thu, 26 Jul 2012 12:13:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=FRlu3f2mbmCI1Y0Ir7L/tsJP41vZfPQLqDzN6iCwMpU=; b=m0+3O6KIej6SikrZa60rgSxuYUnK2Y1FkoAbIW9TpBOUBpkwGiLKkgSUm5p7ICdTWG dAeyh2BS+9/RHQH/YNQhuDHOGVmlpLPz/Nq1bV+ycaHIp9lZCEYgCM6EgvZ8H3x/CR0q vEDSQsnVm/uHM8SUdrbkMxJHmJ5rL1TKyXajqtkcwgBGKA6WdTsTYN7MOzsIHTQcgm8R MYkGawZ+Zd7EErc7qqOBYpzz4c99v9eHPNp6RNklEv2IZ3ubX0kMc9idnbE4o9JkGlON 9lpbQOTdYRMBsEeTs72F+AdkxxfzG4D/Ftnyj5FEnQkqJj4IfmWJozkfoKD/USarZk1w d1vw== MIME-Version: 1.0 Received: by 10.220.239.209 with SMTP id kx17mr14443654vcb.41.1343329981747; Thu, 26 Jul 2012 12:13:01 -0700 (PDT) Received: by 10.58.23.165 with HTTP; Thu, 26 Jul 2012 12:13:01 -0700 (PDT) Date: Thu, 26 Jul 2012 15:13:01 -0400 Message-ID: From: George Lind To: openpgp@ietf.org Content-Type: multipart/alternative; boundary=14dae9cdbefb60d0a004c5c06295 Subject: [openpgp] PGP signatures X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2012 19:13:03 -0000 --14dae9cdbefb60d0a004c5c06295 Content-Type: text/plain; charset=ISO-8859-1 Can anyone explain how signatures are calculated, particularly on public keys? Thanks --14dae9cdbefb60d0a004c5c06295 Content-Type: text/html; charset=ISO-8859-1 Can anyone explain how signatures are calculated, particularly on public keys?

Thanks

--14dae9cdbefb60d0a004c5c06295-- From gdt@ir.bbn.com Thu Jul 26 12:32:53 2012 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D0AF11E809F for ; Thu, 26 Jul 2012 12:32:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UgVFHo6GsPsu for ; Thu, 26 Jul 2012 12:32:53 -0700 (PDT) Received: from fnord.ir.bbn.com (fnord.ir.bbn.com [IPv6:2001:4978:1fb:6400::d2]) by ietfa.amsl.com (Postfix) with ESMTP id 00E2C11E809C for ; Thu, 26 Jul 2012 12:32:53 -0700 (PDT) Received: by fnord.ir.bbn.com (Postfix, from userid 10853) id B7E44B0AA; Thu, 26 Jul 2012 15:32:51 -0400 (EDT) From: Greg Troxel To: George Lind References: OpenPGP: id=32611E25 Date: Thu, 26 Jul 2012 15:32:51 -0400 In-Reply-To: (George Lind's message of "Thu, 26 Jul 2012 15:13:01 -0400") Message-ID: User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.4 (berkeley-unix) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" Cc: openpgp@ietf.org Subject: Re: [openpgp] PGP signatures X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2012 19:32:53 -0000 --=-=-= Content-Type: text/plain George Lind writes: > Can anyone explain how signatures are calculated, particularly on public > keys? Did you read RFC4880 and find it unclear? Is there a particular mysterious step? --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (NetBSD) iEYEARECAAYFAlARm2MACgkQ+vesoDJhHiVJ+gCgsOdkP7MGIBgPvYuR3P0z6xao 0jQAoKPUbqMKGkF2A9OC0RCUPPNjMvCt =Q+qL -----END PGP SIGNATURE----- --=-=-=-- From dkg@fifthhorseman.net Thu Jul 26 15:36:08 2012 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC86C11E80C4 for ; Thu, 26 Jul 2012 15:36:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Ujy6aASW9mQ for ; Thu, 26 Jul 2012 15:36:07 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 4B06B11E80AE for ; Thu, 26 Jul 2012 15:36:07 -0700 (PDT) Received: from [192.168.13.75] (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 41535F979; Thu, 26 Jul 2012 18:36:04 -0400 (EDT) Message-ID: <5011C64C.50304@fifthhorseman.net> Date: Thu, 26 Jul 2012 18:35:56 -0400 From: Daniel Kahn Gillmor User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.5) Gecko/20120624 Icedove/10.0.5 MIME-Version: 1.0 To: George Lind References: In-Reply-To: X-Enigmail-Version: 1.4.1 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigC8CB8D85218B8D98E9CECCC5" Cc: openpgp@ietf.org Subject: Re: [openpgp] PGP signatures X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2012 22:36:08 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigC8CB8D85218B8D98E9CECCC5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 07/26/2012 03:13 PM, George Lind wrote: > Can anyone explain how signatures are calculated, particularly on publi= c > keys? computing OpenPGP signatures in general: https://tools.ietf.org/html/rfc4880#section-5.2.4 The particular format of primary key packet: https://tools.ietf.org/html/rfc4880#section-5.5.2 If you have more specific questions, or you have code that is supposed to behave a certain way but isn't, please ask or show more detail. hth, --dkg --------------enigC8CB8D85218B8D98E9CECCC5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQJ8BAEBCgBmBQJQEcZMXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQwRUU1QkU5NzkyODJEODBCOUY3NTQwRjFD Q0QyRUQ5NEQyMTczOUU5AAoJEMzS7ZTSFznppbYQAJ2fYBrTg0OVUfTPpNOeV95r cYhhYd0sY5JCt0ue03GcqEndxUOSVzvllOsZHn7hRqOJL7dJE6M0S3NJlJ95maCV IBJc6M1JGWOwnCvrDBH6B4M+bnnV4HpDBrgbVgI7VxPr4t4VFRQww52gP2HAC9+Z InGfYYmb7UpxIaRt+UX2+wFsWlFMD+0NP4oujcSLN8T9XTs5fb689Rr3SBU3Cp1w LmvsB4OzF9fOzxQsUCWaiKLofiQUStaZGdR6FLjuquoIZyNnKxcGG5JSuI6/SmA+ soE8qSPshOyVRdEXQ3pS9xeIxEXLnTESYX+Jc2OeCZkhLasqbxb38HAm4IwKLRlG iCwIEDukkuiyY4yksbgUEKTr3+VkZYa4odUX4grEUA56gLuGd4rkzsl8UUbqWFg/ SDgTVs6kvce7ZZ36e04OGcMw0lZNCTFO/JiNVJUsZ0Z4E8ySJHbLPR0y6WYfNQsZ orS+oxZS8rj9KgqwhgiWMifOrR2i7cs5UY8IDiWOJCmZAKJzkqZ1zYAcpwcf0dfG W/6SHqtKShi324HZUZvy0bvrGi5IZmjm8q+FWfRFzJ5grzWRdcYPcyMdD3m/bZEq Y5jcmzKpn0MELh9Fpr/tS3YjQgq6Atg//nr3fxq3/JjhI5snmG4+KuimHFUebRhs HL1julH820v+tPzrd81B =ubVG -----END PGP SIGNATURE----- --------------enigC8CB8D85218B8D98E9CECCC5-- From dkg@fifthhorseman.net Thu Jul 26 21:40:04 2012 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D34A521F84F6 for ; Thu, 26 Jul 2012 21:40:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S5-qly3+18fQ for ; Thu, 26 Jul 2012 21:40:02 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id A963221F848F for ; Thu, 26 Jul 2012 21:40:01 -0700 (PDT) Received: from pip.fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id BE9B5F975 for ; Fri, 27 Jul 2012 00:39:59 -0400 (EDT) Received: by pip.fifthhorseman.net (Postfix, from userid 1000) id E029115665; Thu, 26 Jul 2012 22:39:57 -0600 (CST) From: Daniel Kahn Gillmor To: IETF OpenPGP User-Agent: Notmuch/0.13.2 (http://notmuchmail.org) Emacs/23.4.1 (i486-pc-linux-gnu) Date: Fri, 27 Jul 2012 00:39:52 -0400 Message-ID: <87ehnxg6lj.fsf@pip.fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Subject: [openpgp] subkey revocation signatures -- RFC compliance? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2012 04:40:05 -0000 --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi folks-- I think i'm seeing a discrepancy between packets generated by a popular OpenPGP implementation (GnuPG) and RFC 4880. I'm wondering if anyone can help clarify my understanding of the RFC. https://tools.ietf.org/html/rfc4880#section-5.2.4 says: [...] When a signature is made over a key, the hash data starts with the octet 0x99, followed by a two-octet length of the key, and then body of the key packet. (Note that this is an old-style packet header for a key packet with two-octet length.) A subkey binding signature (type 0x18) or primary key binding signature (type 0x19) then hashes the subkey using the same format as the main key (also using 0x99 as the first octet). Key revocation signatures (types 0x20 and 0x28) hash only the key being revoked. [...] Note that 0x28 is a subkey revocation signature. The subkey revocation packet generated by GnuPG 1.4.12 appears to be made over a digest that includes both the primary key and the subkey. This seems to be in contrast to the idea that it "revocation signatures hash only the key being revoked." Attached is a test key with a single subkey that has been revoked by gpg 1.4.12. I haven't been able to figure out how to revoke a subkey with any other OpenPGP implementation yet. I tried loading the attached key into PGP 6.5.8 (fetched from [0]) and GnuPG 1.4.12 (in an otherwise clean gpg home), and it does look like that version of pgp is willing to accept this form of subkey revocation: 0 wt215@pip:~/src/pgp/pgp-6.5.8$ GNUPGHOME=3D../gpgtest gpg --check-sigs --= verbose gpg: using PGP trust model ../gpgtest/pubring.gpg =2D--------------------- pub 1024D/51902F1E 2012-07-27 uid test key sig!3 51902F1E 2012-07-27 test key sub 1024g/02CA3054 2012-07-27 [revoked: 2012-07-27] sig! 51902F1E 2012-07-27 test key rev! 51902F1E 2012-07-27 test key 0 wt215@pip:~/src/pgp/pgp-6.5.8$ LD_PRELOAD=3D./x/usr/lib/libstdc++.so.2.8 = ./pgp -kvv Pretty Good Privacy(tm) Version 6.5.8 (c) 1999 Network Associates Inc. Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc. Export of this software may be restricted by the U.S. government. Type bits keyID Date User ID DSS 1024 0x51902F1E 2012/07/27=20 DH 1024 0x51902F1E 2012/07/27 *** KEY REVOKED *** test key sig 0x51902F1E test key 1 matching key found. 0 wt215@pip:~/src/pgp/pgp-6.5.8$=20 I also made a bogus subkey revocation packet and tried loading that into a clean PGP 6.5.8 profile instead of the gpg-generated one, and PGP did *not* think that the subkey was properly revoked. So it looks to me like there are at least two implementations that hash more than the key being revoked for subkey revocations. Any pointers to something i've missed in the spec? Or does this warrant an errata? Regards, --dkg [0] http://www.pgpi.org/cgi/download.cgi?filename=3DPGPcmdln_6.5.8.Lnx_FW.t= ar.gz --=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=revoked-subkey.pgp Content-Transfer-Encoding: base64 Content-Description: example key with revoked subkey LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tClZlcnNpb246IEdudVBHIHYxLjQu MTIgKEdOVS9MaW51eCkKCm1RR2lCRkFTRlRnUkJBQ3dhSlVMVkZtVGNDNWJhcTV5VFZFd09hK1lG YzhWNFpDRWNtTkdSVzJlL2RMWUI0R3kKMG9xVUxiRlE0cjB4bHliOFNPN1BuTUZDNWRBR25UclBB aEJzb0xRR3J6dG05S1BXRk9KTzgwdUUvdGRyNnBXagpjK2QxOE5PRVFOTmp6TmpQRWpXTUgwUXJ0 cEJRY1l0a2ZZM0hrUEIrMi8yMVd5UURNN3FVdms1VSt3Q2dyN2YzCmVOcUtZdjVPckVXUTNaRGVn eDcwajhFRC9qOGowbGU0YUlHdFhTT0VOd3BKYlB6ajhLQkMxYWNqWkRuSnBjN1cKcWFyZjRCQXNQ R2VFWU5JUFhLWERoc0o1Skh3bkJ4MkIwbkY2M21JeTRMV05CN3IzakdzUCt4UmNqNjRyc3Y2MApO VWpsaktFK1BDZnlueGdRZkNJR2N5MEh4RFNTV2Iyd2d0UHJCZjFHS1FubXFaZW9GNkNVTStZVVFs UlhKSUdYClJJd3BBLzlkN01ia0lJVkIrK3pzSEpYMFJlaktGNmxGYW9JVmIrYTd2V3VLNlYwcHdH cjVSUjM4R0RpZXdVUGEKVGcxMkd0bzViNkIrVm5LeklMZFY2UVMydVFuVEJnQ3JRY0N2VFhpaEZ3 M0tDaWZqWUZzcXlTNWxZNzVLSVhBWgpSQWpOOG5WajB5WW1OeEY4b2NKVGRBOXVjcTl3T1pJVUZ5 OGMzWEdJY3dqNFRqeVJkTFFlZEdWemRDQnJaWGtnClBIUmxjM1JyWlhsQVpYaGhiWEJzWlM1dVpY UStpR0lFRXhFQ0FDSUZBbEFTRlRnQ0d3TUdDd2tJQndNQ0JoVUkKQWdrS0N3UVdBZ01CQWg0QkFo ZUFBQW9KRUVnbUYycFJrQzhlZEtBQW5BK2lJbGhKelQrNEpKWEM2clY0SkVWWgorWE0yQUo0OHFl VGRiaWhuK1Zud2NrSlQvcEVHNWxHN2ZMa0JEUVJRRWhVNEVBUUF2cmdsSXE4eXUrTGNYYTBHCnNv WUVKOVI2VlNwbHZUdXpQRUlhY1ZBMkZveURhT0hNRzhOUUk1Z2tOZDJjSCs5OHE5RFE4L2pWNlM1 VUo2MzEKdVdtaVlOQzkrblBsbEZ2cFFLd01lUWR0SS9iOXB4Vk1yaStpVXNCMzIyMC9YcUZScjRq ZGhjalBSbzl6c3ZTYwpaQTk3UXNEZU1NWWM2VmtFMWRPcG9ha0pCMmNBQXdjRUFKME1JOVFWOFcr VXdTaVNKLzl6cjd5dkV3OGg0UG1oCjcxL1RsTTg3VEtVUlh6MVZyUUVYa3NnUS9Xd1VGYlNJbFo5 S3QyZk9DakRKYm96emdBR0Z5cDQycTBURS9HVjYKNzJBUDJhc1JjUU40SS85MTN2YnBkL0hWTE9O TFRMUGQ1bHU0OTFtTzAvdjIyQ3FKd0ZRV3h6RmVpV0EvTGJ1SwprUlEwYjUweEM3U0dpRkFFS0JF Q0FCQUZBbEFTRmJnSkhRQjBaWE4wYVc1bkFBb0pFRWdtRjJwUmtDOGV5VW9BCm4wbnZxczdNVDVz NVRZbHVjWlZLWTM5bWR1MmhBSjBkWkVkcDR3VE5pTVkyVVdMUTM4K0Vnb0hTSjRoSkJCZ1IKQWdB SkJRSlFFaFU0QWhzTUFBb0pFRWdtRjJwUmtDOGU0MGdBb0pLckFYNkNzZ0tvL1FGbHdXNjFFYlRB Y2dRZApBS0NrMjRnR290S3k5REF0bFBEV0NUTTgyaThjYVE9PQo9VStyMQotLS0tLUVORCBQR1Ag UFVCTElDIEtFWSBCTE9DSy0tLS0tCg== --=-=-=-- --==-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJQEhuZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQwRUU1QkU5NzkyODJEODBCOUY3NTQwRjFD Q0QyRUQ5NEQyMTczOUU5AAoJEMzS7ZTSFznpqpkP/jnw8RuDjm7T3QvCHCBNsGBL V3XNvb9gi6bNEyAiB5HWxZJgD5mx2xQPEK2kbA5FtwCoL7ySLrJojrND1JwuMkYq UC0eGe/48Udhu/viCIumR3Ar7ZYj1RX9HwAjr9Y/tjLyVxbFPNkiDjCdBc18XIZL IHr1836POBWlB278dbmCtFqPAPWtXRUoYvBg7QouTrhTcKXt7NSVAlkp6H02j9G8 c+nz5/4gVFGqs7tTbsuey6Wek/i7xM3LKeyMQ5dCxdZBmRtaf2vKaEB+UBpiA/aK +ZLQUc4etU0sa9IIxZ2eoiJnenISJbvyclKzquTXUbBaHxt9dqrWIrQIVZqBlQHB +V6nfgNVg6gIpmD2myMbDVeQ8oAigDh7XXGQ55DdPKwM62OIHq9xYjGbW5X7L4UH NSByaTM5EmhF+wKJ9JykPagVXL0kF9vavFteOAVSUa1LfBdpTrmG3U8BWCKmporc PXbMrO+ys0nRDHuxr2YTUXVuATHG8yEBiNwo7cqsXUtEdLcAumu1RQIm+hlijTiH 8QD5URagQsaGnbd5VwHpczDaMzffSi4ZDor4XPxoRgbsAyVUcfPnvsfs2ojFaIu/ 4KVdm7RFFkpD7JEKinhOpgYkqdQFKJQPWOBjF2vdI92OnDBisykZiuYr7CNHwb6v aueps7WT7xhgclCIYIn9 =Diic -----END PGP SIGNATURE----- --==-=-=-- From wk@gnupg.org Fri Jul 27 01:11:06 2012 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F207521F860F for ; Fri, 27 Jul 2012 01:11:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.599 X-Spam-Level: X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qWZgIKGaruqj for ; Fri, 27 Jul 2012 01:11:05 -0700 (PDT) Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by ietfa.amsl.com (Postfix) with ESMTP id 73C7D21F8606 for ; Fri, 27 Jul 2012 01:11:02 -0700 (PDT) Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.72 #1 (Debian)) id 1SufdT-0001bP-G2 for ; Fri, 27 Jul 2012 10:10:59 +0200 Received: from wk by vigenere.g10code.de with local (Exim 4.77 #3 (Debian)) id 1Sufc1-0007dT-Pq; Fri, 27 Jul 2012 10:09:29 +0200 From: Werner Koch To: Daniel Kahn Gillmor References: <87ehnxg6lj.fsf@pip.fifthhorseman.net> Organisation: g10 Code GmbH X-message-flag: Mails containing HTML will not be read! Please send only plain text. OpenPGP: id=1E42B367; url=finger:wk@g10code.com Date: Fri, 27 Jul 2012 10:09:29 +0200 In-Reply-To: <87ehnxg6lj.fsf@pip.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Fri, 27 Jul 2012 00:39:52 -0400") Message-ID: <87zk6laame.fsf@vigenere.g10code.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: IETF OpenPGP Subject: Re: [openpgp] subkey revocation signatures -- RFC compliance? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2012 08:11:06 -0000 On Fri, 27 Jul 2012 06:39, dkg@fifthhorseman.net said: > the first octet). Key revocation signatures (types 0x20 and 0x28) > hash only the key being revoked. > [...] This text goes back to the very first published draft from March 98 (the I-D states 1997, but this is a typo). > The subkey revocation packet generated by GnuPG 1.4.12 appears to be > made over a digest that includes both the primary key and the subkey. So PGP and GnuPG we have never been OpenPGP compliant. Good catch. I don't have that old OpenPGP toolkit implementation anymore around. We should check what it does. The way it is implemented by GnuPG and PGP might technically be justified by: 0x28: Subkey revocation signature The signature is calculated directly on the subkey being revoked. A revoked subkey is not to be used. Only revocation signatures by the top-level signature key that is bound to this subkey, or by an authorized revocation key, should be considered valid revocation signatures. With the exception of an authorized revocation key, the primary key is required to check the signature and thus it needs to be available. Hashing the primary key along with the subkey is what we have to do for other key signatures anyway. We would need to dive into the WG archives to see why we came up with the specific requirement. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From dshaw@jabberwocky.com Fri Jul 27 05:53:57 2012 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0F9821F865A for ; Fri, 27 Jul 2012 05:53:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MausXVQQYnxG for ; Fri, 27 Jul 2012 05:53:57 -0700 (PDT) Received: from walrus.jabberwocky.com (walrus.jabberwocky.com [173.9.29.57]) by ietfa.amsl.com (Postfix) with ESMTP id F41A921F8667 for ; Fri, 27 Jul 2012 05:53:56 -0700 (PDT) Received: from grover.home.jabberwocky.com (grover.home.jabberwocky.com [172.24.84.28]) (authenticated bits=0) by walrus.jabberwocky.com (8.14.4/8.14.4) with ESMTP id q6RCrs0x004073 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 27 Jul 2012 08:53:55 -0400 Mime-Version: 1.0 (Apple Message framework v1278) Content-Type: text/plain; charset=us-ascii From: David Shaw In-Reply-To: <87ehnxg6lj.fsf@pip.fifthhorseman.net> Date: Fri, 27 Jul 2012 08:53:54 -0400 Content-Transfer-Encoding: quoted-printable Message-Id: <23DE1DDA-670B-4BDB-84C4-71BAF63AA928@jabberwocky.com> References: <87ehnxg6lj.fsf@pip.fifthhorseman.net> To: Daniel Kahn Gillmor X-Mailer: Apple Mail (2.1278) Cc: IETF OpenPGP Subject: Re: [openpgp] subkey revocation signatures -- RFC compliance? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2012 12:53:57 -0000 On Jul 27, 2012, at 12:39 AM, Daniel Kahn Gillmor wrote: > Hi folks-- >=20 > I think i'm seeing a discrepancy between packets generated by a = popular > OpenPGP implementation (GnuPG) and RFC 4880. I'm wondering if anyone > can help clarify my understanding of the RFC. >=20 > https://tools.ietf.org/html/rfc4880#section-5.2.4 says: >=20 > [...] > When a signature is made over a key, the hash data starts with the > octet 0x99, followed by a two-octet length of the key, and then body > of the key packet. (Note that this is an old-style packet header = for > a key packet with two-octet length.) A subkey binding signature > (type 0x18) or primary key binding signature (type 0x19) then hashes > the subkey using the same format as the main key (also using 0x99 as > the first octet). Key revocation signatures (types 0x20 and 0x28) > hash only the key being revoked. > [...] >=20 > Note that 0x28 is a subkey revocation signature. >=20 > The subkey revocation packet generated by GnuPG 1.4.12 appears to be > made over a digest that includes both the primary key and the subkey. >=20 > This seems to be in contrast to the idea that it "revocation = signatures > hash only the key being revoked." Interesting. Digging around a bit, it seems that this was noticed by = Marc Horowitz in 2000 (see = http://www.mhonarc.org/archive/html/ietf-openpgp/2000-12/msg00001.html = ), but for one reason or another it wasn't resolved before publication. Nice catch! I think this would be a good errata item for the RFC. = http://www.rfc-editor.org/how_to_report.html David From dkg@fifthhorseman.net Fri Jul 27 09:59:26 2012 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9324B11E80D2 for ; Fri, 27 Jul 2012 09:59:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 80NtwCEVYU-k for ; Fri, 27 Jul 2012 09:59:25 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id CDACA11E80BF for ; Fri, 27 Jul 2012 09:59:25 -0700 (PDT) Received: from [192.168.13.75] (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id A19B8F975 for ; Fri, 27 Jul 2012 12:59:21 -0400 (EDT) Message-ID: <5012C8E2.5010404@fifthhorseman.net> Date: Fri, 27 Jul 2012 12:59:14 -0400 From: Daniel Kahn Gillmor User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.5) Gecko/20120624 Icedove/10.0.5 MIME-Version: 1.0 To: IETF OpenPGP References: <87ehnxg6lj.fsf@pip.fifthhorseman.net> <23DE1DDA-670B-4BDB-84C4-71BAF63AA928@jabberwocky.com> In-Reply-To: <23DE1DDA-670B-4BDB-84C4-71BAF63AA928@jabberwocky.com> X-Enigmail-Version: 1.4.1 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigDD3D03FEA1E9273CA2265C33" Subject: Re: [openpgp] subkey revocation signatures -- RFC compliance? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: IETF OpenPGP List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2012 16:59:26 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigDD3D03FEA1E9273CA2265C33 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 07/27/2012 08:53 AM, David Shaw wrote: > it seems that this was noticed by Marc Horowitz in 2000 (see http://www= =2Emhonarc.org/archive/html/ietf-openpgp/2000-12/msg00001.html ), but for= one reason or another it wasn't resolved before publication. thanks for digging that up. > Nice catch! I think this would be a good errata item for the RFC. htt= p://www.rfc-editor.org/how_to_report.html I've now reported it: http://www.rfc-editor.org/errata_search.php?rfc=3D4880&eid=3D3298 Has anyone else tried to implement this corner of the spec? If so, how did you handle subkey revocation signatures? I'd like to be more confident that we aren't breaking interoperability with anyone by making this clarification (though arguably the interoperability is probably already broken if anyone was writing to spec). --dkg --------------enigDD3D03FEA1E9273CA2265C33 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQJ8BAEBCgBmBQJQEsjiXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQwRUU1QkU5NzkyODJEODBCOUY3NTQwRjFD Q0QyRUQ5NEQyMTczOUU5AAoJEMzS7ZTSFznpx7QP/3HycJzpdYeeGmAsMoPdhnbi IwWp9dnak2qrk8dHIn9gbajhEFGWq3M0TQt8sUDq05yUf/fJOFLfAL2+PqkbvuGJ yLIQ1P3bfSxOILIPnV5NU7QTsJsPWRLJWrawaEWhhDkeRqjglE7Zms9WkeSfHVrG rj0opjOnXJEuvUp+BUn3wv7DmyOs9LqJGT0GZP5zXUO97LL73G3/GT9gLqTqXNZc luPIG67Bm6rekhEfLUu028tse9oIPTbt5JXSbB9pAUTrwIHOHWSHkysEzWfCEqOI D66dgVh8jmCLQwIUWPgr9LHXj2c1uCh6yN/2bioWxvXgfYyH0BB34JOzkP9nRTxT wLWtJSnQT/wJtigjZS6Ra+m17cOsF3kgsZrwkwG2FZDnZjnm6/995iTddytWdBo5 eujCvXGMqFb/MtCzup8178RjOYpz4KkVk5So/oHMSdSdgRmHTfz55HDAyRKFenm0 6lwuYa4HzHRBBLr8eej0XymSzhhEZG72h41reHA15ZaI3gFORd2KlmJ62jHhcDap WlGBDAG1FTLRaMn32iJGZDbQ0mv+QTLRsEYZggJgFkFszwKKi85eotyiXRbkbAtV xlZhCKpb/rmVTrIFOhHJ2x65PbL2zKlBfqwsJlst8QmoMMUZ7KUBKl+2gzRBGqG+ uIAADr2UtjbpTETRo93b =QnZC -----END PGP SIGNATURE----- --------------enigDD3D03FEA1E9273CA2265C33-- From glind98@gmail.com Mon Jul 30 13:15:12 2012 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7661411E810D for ; Mon, 30 Jul 2012 13:15:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.598 X-Spam-Level: X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iZffaHyM-QpA for ; Mon, 30 Jul 2012 13:15:12 -0700 (PDT) Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id D75F711E80F6 for ; Mon, 30 Jul 2012 13:15:11 -0700 (PDT) Received: by vbbez10 with SMTP id ez10so5396854vbb.31 for ; Mon, 30 Jul 2012 13:15:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=R6/BI1YPr7wejY02bFbJD7fe+dqcljJv4218ZVaZ3RI=; b=n7fr4x5ZLGHLHtXU4BBBktGw0xQ86Lrkuaqk9fBy4gnQ5EmFMxRh9/Nxe9Vkj195YX F0dHSyy1Zp/AydZO7/89HUaKR7iNSxmf7cysffwSPNAYpJPmvA0cOBtlGYsrUappc/Kj u+ZPq8S7EP6tIh8qqjLd0moNYwdjl7J3Kk7xPo7hWh2B/72PPeONBn6N+pws7RuJZKlR H9UwLCvrrFxMyXKyZIPk6Ifb5LTRcUN9PQVKyyHr7UvCAciLZz4E9bPXJHlL+Cl+BOMS fkrOpgkIeKdYhOHaGykL+wdUcRPIBubXsrABIKZXOmzEivrN7m2mD1YsLNbF6hkYOmIp Zurg== MIME-Version: 1.0 Received: by 10.52.99.138 with SMTP id eq10mr10783723vdb.25.1343679311353; Mon, 30 Jul 2012 13:15:11 -0700 (PDT) Received: by 10.58.23.165 with HTTP; Mon, 30 Jul 2012 13:15:11 -0700 (PDT) Date: Mon, 30 Jul 2012 16:15:11 -0400 Message-ID: From: George Lind To: openpgp@ietf.org Content-Type: multipart/alternative; boundary=20cf3071cc4a0b991f04c611b8db Subject: [openpgp] calculating PGP signature on a public key X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2012 20:15:12 -0000 --20cf3071cc4a0b991f04c611b8db Content-Type: text/plain; charset=ISO-8859-1 I am trying to figure out from the RFC exactly which fields get hashed when calculating the public key signature. The public key including the packet header and body The user id including the packet header and body signature version signature type public key algorithm hashing algorithm length of the hashed subpackets all the hashed subpackets Can anyone confirm if these are correct? --20cf3071cc4a0b991f04c611b8db Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable I am trying to figure out from the RFC exactly which fields get hashed when= calculating the public key signature.

The public key in= cluding the packet header and body

The user id including the pack= et header and body=A0

signature version

signature type

public key algori= thm

hashing algorithm

length of the hashed subpackets

all the hashed subpackets

Can anyone conf= irm if these are correct?

--20cf3071cc4a0b991f04c611b8db-- From clint@debian.org Mon Jul 30 13:59:52 2012 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3877C11E818E for ; Mon, 30 Jul 2012 13:59:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1p9B3GkKzDtv for ; Mon, 30 Jul 2012 13:59:51 -0700 (PDT) Received: from thumb.scru.org (unknown [IPv6:2001:470:a807::1]) by ietfa.amsl.com (Postfix) with ESMTP id AE21111E81C5 for ; Mon, 30 Jul 2012 13:59:51 -0700 (PDT) Received: by thumb.scru.org (Postfix, from userid 1000) id 6B716104EE; Mon, 30 Jul 2012 20:59:49 +0000 (UTC) Date: Mon, 30 Jul 2012 20:59:49 +0000 From: Clint Adams To: George Lind Message-ID: <20120730205949.GA24997@scru.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Cc: openpgp@ietf.org Subject: Re: [openpgp] calculating PGP signature on a public key X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2012 20:59:52 -0000 On Mon, Jul 30, 2012 at 04:15:11PM -0400, George Lind wrote: > I am trying to figure out from the RFC exactly which fields get hashed when > calculating the public key signature. You'll want RFC4880 �5.2.4. If you are actually talking about a signature over a public key, you just want the literal 0x99, the two-octet length of the key, and the body of the key packet. Perhaps you are conflating several different signature types into one. > The public key including the packet header and body > The user id including the packet header and body > signature version > signature type > public key algorithm > hashing algorithm > length of the hashed subpackets > all the hashed subpackets > > Can anyone confirm if these are correct?