
From nobody Wed Mar  1 09:30:19 2017
MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 1 Mar 2017 12:30:14 -0500
Message-ID: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com>
To: IETF OpenPGP <openpgp@ietf.org>
Content-Type: multipart/alternative; boundary=94eb2c0b7a5c5dfadb0549aeaaa9
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/_uV_coJ0CYayv_2ptJMuSraJhws>
Subject: [openpgp] V5 Fingerprint again
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Mar 2017 17:30:18 -0000

--94eb2c0b7a5c5dfadb0549aeaaa9
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Given the SHA-1 break, could we return to the V5 fingerprint discussion?

The issue we are seeing with the SHA-1 break is that a LOT of software is
based on the assumption that SHA-1 is unique. And this is causing software
to crash in real world applications.


For example, let's say you are using a Git-like system and some joker has
uploaded different versions of the colliding PDF into different
instances of the same repository. The two repositories can function quite
happily for quite a while without noticing anything amiss. The problem
comes when we then take SHA-1 hash of the bulk data in both repos:

SHA1(Evil) = SHA1(Evil')

But

SHA1 (Evil + M0 + .... ) != SHA1 (Evil' + M0 + .... )

We really do need to push to get SHA-1 eliminated before the cost of this
attack falls to the point where you only need 50 GPU years to do it....


The proposal I made introduces a context into the fingerprint so that
S/MIME, OpenPGP, etc. can all use the same fingerprint format without
semantic substitution attacks being possible.


##V5 Fingerprint calculation and presentation

A V5 fingerprint value is a sequence of bits that provides a sufficiently
unique identifier for a public key. In addition to generating and accepting
the text string presentation used in earlier versions of OpenPGP,
applications MAY support such additional presentation formats as are found
to be useful.

Conforming V5 OpenPGP implementations MUST support the V5 Fingerprint
text presentation format for display and entry of fingerprint values.
Support for all other fingerprint values is optional.

###V5 Fingerprint value calculation

The OpenPGP V5 fingerprint value is calculated as follows:

Fingerprint = <Version-ID> + H (<Content-ID>  + ‘:’ + H(<data>))

Where:

Version-ID = 0x60

Content-ID = "application/pgp-v5-key"
<<MIME Content-Type string TBS by IANA>>

H(x) = SHA-2-512(x)

<data> = <pgp-v5-key>

<pgp-v5-key> =

a.1) 0x99 (1 octet)

a.2) high-order length octet of (b)-(d) (1 octet)

a.3) low-order length octet of (b)-(d) (1 octet)

b) version number = 5 (1 octet);

c) algorithm (1 octet): 17 = DSA (example);

d) Algorithm-specific fields.

The value of Version-ID is intentionally chosen so that
the first character of every V5 fingerprint in the text presentation
format is 'M', a character that is guaranteed not to appear in a V4
or earlier fingerprint format where hexadecimal values were used,
thus ensuring that V5 fingerprints are not accidentally confused.

The construction of the data sequence over which the hash value
is calculated follows the construction used in V4 with the omission
of the key creation timestamp field. This ensures that a given set
of public key parameters has exactly one V5 fingerprint value.

The Content-ID is a MIME content type identifier that indicates that the
fingerprint value is of data in the pgp-v5-key format specified
above and is intended for use with an OpenPGP application.

If a fingerprint value is to be calculated for a public key value
specified in a different format (e.g. a PKIX certificate or key)
or for a future version of OpenPGP with a different <data> format,
a different Content-ID value MUST be used.


###V5 Fingerprint Text Presentation.

The Binary Fingerprint Value is truncated to an integer multiple
of 25 bits regardless of the intended output presentation.

The output of the hash function is truncated to a sequence of n bits
by first selecting the first n/8 bytes of the output function. If n
is an integer multiple of 8, no additional bits are required and
this is the result. Otherwise the remaining bits are taken from the
most significant bits of the next byte and any unused bits set to 0.

For example, to truncate the byte sequence [a0, b1, c2, d3, e4] to
25 bits: 25/8 = 3 bytes with 1 bit remaining, the first three bytes
of the truncated sequence are [a0, b1, c2] and the final byte is
e4 AND 80 = 80 which we add to the previous result to obtain the
final truncated sequence of [a0, b1, c2, 80]

A modified version of Base32 [!RFC4648] encoding is used to present
the fingerprint in text form, grouping the output text into groups of
five characters separated by a dash ‘-’.


# IANA Requirements

Register a new content type for application/pgp-v5-key

--94eb2c0b7a5c5dfadb0549aeaaa9--
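The calculation and text presentation proposed in the message above, as an added Python example; it is not code from the original message or from any OpenPGP implementation. Assumptions: the truncation is applied to Version-ID followed by the outer hash, the "modified" Base32 is the plain RFC 4648 alphabet without padding, the default precision is 125 bits, and `application/pkix-cert` stands in for a second Content-ID; the key material is constructed sample data.

```python
import base64
import hashlib

VERSION_ID = 0x60                           # value given in the proposal
CONTENT_ID_PGP = b"application/pgp-v5-key"  # value given in the proposal (TBS by IANA)
CONTENT_ID_OTHER = b"application/pkix-cert" # assumption: stand-in for another key format


def pgp_v5_key(algorithm: int, algorithm_fields: bytes) -> bytes:
    """Build <pgp-v5-key>: 0x99, two length octets for (b)-(d), version 5,
    algorithm octet, algorithm-specific fields. No creation timestamp."""
    body = bytes([5, algorithm]) + algorithm_fields
    if len(body) > 0xFFFF:
        raise ValueError("(b)-(d) does not fit a two-octet length")
    return b"\x99" + len(body).to_bytes(2, "big") + body


def binary_fingerprint(content_id: bytes, data: bytes) -> bytes:
    """Version-ID + H(Content-ID + ':' + H(data)) with H = SHA-512."""
    inner = hashlib.sha512(data).digest()
    outer = hashlib.sha512(content_id + b":" + inner).digest()
    return bytes([VERSION_ID]) + outer


def truncate_bits(value: bytes, n: int) -> bytes:
    """Keep the first n bits. A partial last byte keeps its most significant
    bits and has the unused bits set to 0, as the proposal describes."""
    if n < 0 or n > 8 * len(value):
        raise ValueError("cannot truncate to more bits than are available")
    full, rem = divmod(n, 8)
    out = value[:full]
    if rem:
        mask = (0xFF << (8 - rem)) & 0xFF
        out += bytes([value[full] & mask])
    return out


def text_fingerprint(binary: bytes, bits: int = 125) -> str:
    """Base32 text form in dash-separated groups of five characters.
    Five Base32 characters carry exactly 25 bits, hence the 25-bit multiple."""
    if bits <= 0 or bits % 25:
        raise ValueError("precision must be a positive multiple of 25 bits")
    truncated = truncate_bits(binary, bits)
    # Pad to a multiple of 5 bytes so b32encode emits no '=' padding, then
    # keep only the characters that carry the requested bits.
    padded = truncated + b"\x00" * (-len(truncated) % 5)
    chars = base64.b32encode(padded).decode("ascii")[: bits // 5]
    return "-".join(chars[i:i + 5] for i in range(0, len(chars), 5))


# Constructed sample: algorithm 17 (DSA, as in the proposal) with dummy fields.
SAMPLE_KEY = pgp_v5_key(17, bytes(range(32)))

if __name__ == "__main__":
    as_pgp = binary_fingerprint(CONTENT_ID_PGP, SAMPLE_KEY)
    as_other = binary_fingerprint(CONTENT_ID_OTHER, SAMPLE_KEY)
    print("pgp-v5-key :", text_fingerprint(as_pgp))
    print("other type :", text_fingerprint(as_other))
    # The same octets under a different Content-ID give an unrelated value,
    # which is the context binding the proposal relies on.
    print("truncation :", truncate_bits(bytes.fromhex("a0b1c2d3e4"), 25).hex())
```

A verifier comparing fingerprints has to recompute with the Content-ID it expects for the key format in hand; accepting whichever Content-ID makes the value match would undo the binding.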


From nobody Wed Mar  1 10:08:32 2017
Date: Wed, 1 Mar 2017 18:08:27 +0000
From: KellerFuchs <KellerFuchs@hashbang.sh>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Message-ID: <20170301180827.GD2@hashbang.sh>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/htrvsxc4J-hye6xYa9WGrzC8sNQ>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] V5 Fingerprint again

Hi,

On Wed, Mar 01, 2017 at 12:30:14PM -0500, Phillip Hallam-Baker wrote:
> The issue we are seeing with the SHA-1 break is that a LOT of software is
> based on the assumption that SHA-1 is unique. And this is causing software
> to crash in real world applications.

Not entirely sure what a standard change can do about that, except from
using a collision-resistant hash function which is expected to stay so
for the foreseeable future, and have the ability to switch to a new
fingerprint format.


> The proposal I made introduces a context into the fingerprint so that
> S/MIME, OpenPGP, etc. can all use the same fingerprint format without
> semantic substitution attacks being possible.

This seems sensible to me, but I don't see how it would protect against
a future weakness of the hash function.

However, it is useful to stop attacks where a single document would be
valid as a v5 key and as S/MIME (for instance), with both interpretations
having identical fingerprints.

I don't see an immediate attack vector there, but I'm very much not an
expert on polyglots.


> ##V5 Fingerprint calculation and presentation
> 
> A V5 fingerprint value is a sequence of bits that provides a sufficiently
> unique identifier for a public key. In addition to generating and accepting
> the text string presentation used in earlier versions of OpenPGP,
> applications MAY support such additional presentation formats as are found
> to be useful.
> 
> Conforming V5 OpenPGP implementations MUST support the V5 Fingerprint
> text presentation format for display and entry of fingerprint values.
> Support for all other fingerprint values is optional.
> 
> ###V5 Fingerprint value calculation
> 
> The OpenPGP V5 fingerprint value is calculated as follows
> 
> Fingerprint = <Version-ID> + H (<Content-ID>  + ‘:’ + H(<data>))

Why a colon, rather than a NUL byte?
(It's not obvious that Content-Type strings, esp. auxiliary parameters,
 cannot contain colons)


Best,

  Keller


From nobody Wed Mar  1 11:41:51 2017
MIME-Version: 1.0
In-Reply-To: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com>
From: Thijs van Dijk <schnabbel@inurbanus.nl>
Date: Wed, 1 Mar 2017 20:41:45 +0100
Message-ID: <CADGaDpFoBt1=eZHxo4q=Yb24NYyy1sudFn_h=MTZE3_wiRVXJw@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Content-Type: multipart/alternative; boundary=f403045f88f2b553d10549b080e6
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/RQhEx-roUVFpCaasjRsDhUR1Kvc>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] V5 Fingerprint again

--f403045f88f2b553d10549b080e6
Content-Type: text/plain; charset=UTF-8

>
> Given the SHA-1 break, could we return to the V5 fingerprint discussion?
>
> The issue we are seeing with the SHA-1 break is that a LOT of software is
> based on the assumption that SHA-1 is unique. And this is causing software
> to crash in real world applications.
>

Thanks for reviving this discussion. While as I previously stated your
proposal for the new fingerprint format still looks good to me, I don't
agree that this newest break against SHA-1 is grounds for alarm.

Note, software does not require a hash break to crash, it's perfectly
capable of doing that even if the hash algorithm is sound. I remember a
story of some app crashing because someone reused the key material from the
primary key as a subkey packet, so the subkey and primary would have shared
their fingerprint regardless of the hash used. This is just something apps
will have to deal with no matter what; the only thing that's different from
a few days ago is that bugs like this may just have become a lot easier to
reproduce.

Until I see evidence to the contrary, I'm going to assume the sky is not
falling. Not this week.

However, there certainly are some interesting avenues of investigation in
light of this recent discovery:

1) Should we deprecate SHA1 in signatures? (Or did we already?)
2) How does SKS handle disambiguation? If I submit different keys with
matching fingerprints at different endpoints in the sync network, how will
those keys propagate to the other nodes?
3) Does GnuPG have any way to disambiguate? Do the different automatable
interfaces expose this capability?

I'd say question 1 is the most pressing of the three, and it's also the one
question we could answer at the standards level. If we manage to make a
decision on that, we're definitely on the right track w.r.t. letting go of
SHA1. (Hint: the answer should be "yes.")

-Thijs

--f403045f88f2b553d10549b080e6--


From nobody Wed Mar  1 11:42:38 2017
MIME-Version: 1.0
In-Reply-To: <20170301180827.GD2@hashbang.sh>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com> <20170301180827.GD2@hashbang.sh>
From: Thijs van Dijk <schnabbel@inurbanus.nl>
Date: Wed, 1 Mar 2017 20:42:35 +0100
Message-ID: <CADGaDpEZv4ngQ7=fsEXbLUi9X6e7CdR5SnYGLi=RtSCkag47iw@mail.gmail.com>
To: KellerFuchs <KellerFuchs@hashbang.sh>
Content-Type: multipart/alternative; boundary=001a11c0081ab084ad0549b083fb
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/pbt1K8ZwylKScAhyfP_svu68nvk>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] V5 Fingerprint again

--001a11c0081ab084ad0549b083fb
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

>
> > ###V5 Fingerprint value calculation
> >
> > The OpenPGP V5 fingerprint value is calculated as follows
> >
> > Fingerprint = <Version-ID> + H (<Content-ID>  + ‘:’ + H(<data>))
>
> Why a colon, rather than a NUL byte?
> (It's not obvious that Content-Type strings, esp. auxiliary parameters,
>  cannot contain colons)


Well, if it helps: if you look closely, the data is hashed twice, once
without the content ID and a second time with content ID prepended, so
there's no chance of ambiguity, if that's what you were worried about.
Anything from the question of "should there be any separator at all?"
onwards is a matter of personal preference, really.

-Thijs

--001a11c0081ab084ad0549b083fb--
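
The separator question in the message above, as an added example that is not part of the original thread or of the draft's own code: it builds the quoted construction with H = SHA-2-512 (the definition quoted elsewhere in this thread) and checks that the fixed-length inner digest leaves only one way to parse the outer hash input, even when the Content-ID contains colons. The `VERSION_ID` byte, the function names and the sample Content-ID strings are assumptions made for the illustration.

```python
import hashlib

DIGEST_LEN = hashlib.sha512().digest_size  # 64 octets
VERSION_ID = b"\x05"  # assumed placeholder; the real <Version-ID> value is not given here
SEP = b":"


def H(x: bytes) -> bytes:
    """H(x) = SHA-2-512(x), as quoted in the thread."""
    return hashlib.sha512(x).digest()


def outer_input(content_id: bytes, data: bytes) -> bytes:
    """Input to the outer hash: <Content-ID> + ':' + H(<data>)."""
    return content_id + SEP + H(data)


def fingerprint(content_id: bytes, data: bytes) -> bytes:
    """Fingerprint = <Version-ID> + H(<Content-ID> + ':' + H(<data>))."""
    return VERSION_ID + H(outer_input(content_id, data))


def split_outer_input(buf: bytes):
    """Recover (content_id, inner_digest) from an outer-hash input.

    The inner digest is always the last DIGEST_LEN octets, so the split
    point is fixed by length and colons inside the Content-ID do not matter.
    """
    if len(buf) < DIGEST_LEN + 1:
        raise ValueError("input shorter than separator plus digest")
    head, digest = buf[:-DIGEST_LEN], buf[-DIGEST_LEN:]
    if not head.endswith(SEP):
        raise ValueError("separator missing before digest")
    return head[:-1], digest


def single_hash_input(content_id: bytes, data: bytes) -> bytes:
    """Contrast case (not the draft's construction): raw data after the colon."""
    return content_id + SEP + data


# Constructed sample inputs: the colon moves between Content-ID and data.
PAIR_A = (b"text/plain;note=a:b", b"c")
PAIR_B = (b"text/plain;note=a", b"b:c")


def demo():
    """Return (single-hash inputs collide?, nested inputs collide?, parsed pair A)."""
    naive_equal = single_hash_input(*PAIR_A) == single_hash_input(*PAIR_B)
    nested_equal = outer_input(*PAIR_A) == outer_input(*PAIR_B)
    recovered = split_outer_input(outer_input(*PAIR_A))
    return naive_equal, nested_equal, recovered


if __name__ == "__main__":
    naive_equal, nested_equal, recovered = demo()
    print("single-hash inputs identical:", naive_equal)
    print("nested-hash inputs identical:", nested_equal)
    print("recovered Content-ID:", recovered[0])
    print("fingerprint A:", fingerprint(*PAIR_A).hex())
    print("fingerprint B:", fingerprint(*PAIR_B).hex())
```

The same length-based split works for a NUL separator or for no separator at all, because the digest suffix has a fixed size.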


From nobody Wed Mar  1 12:02:48 2017
From: Werner Koch <wk@gnupg.org>
To: Phillip Hallam-Baker <phill@hallambaker.com>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Phillip Hallam-Baker <phill@hallambaker.com>, IETF OpenPGP <openpgp@ietf.org>
Date: Wed, 01 Mar 2017 20:56:49 +0100
In-Reply-To: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com> (Phillip Hallam-Baker's message of "Wed, 1 Mar 2017 12:30:14 -0500")
Message-ID: <874lzcbwji.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=USCODE_Axis_of_Evil_industrial_espionage_high_security_unclassified="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/f3ueb5jEil-TRCWCgoSAwGVvsks>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] V5 Fingerprint again

--=USCODE_Axis_of_Evil_industrial_espionage_high_security_unclassified=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed,  1 Mar 2017 18:30, phill@hallambaker.com said:

> The issue we are seeing the the SHA-1 break is that a LOT of software is
> based on the assumption that SHA-1 is unique. And this is causing software
> to crash in real world applications.

It is not an issue for us because we are not affected by collision
attacks and signatures have anyway been done for quite some time using SHA-2.

The proposal we made in Berlin was to use SHA-256 truncated to 25
octets for the new v5 key format.  Unfortunately I have been too busy to
push this forward but it is now on my short list.

The rationale for SHA-256 is that it is faster on small systems and
anyway needed for backward compatibility with existing RSA signatures.

Truncating from 32 to 25 octets allows for easy human fingerprint
verification and also to keep the size of signatures small (note that we
now include the fingerprint in the signatures for easy public key
lookup).

> The proposal I made introduces a context into the fingerprint so that
> S/MIME, OpenPGP, etc. can all use the same fingerprint format without

Unfortunately your proposal diverts heavily from the existing standard
and would thus not be an easy change.  Recall that OpenPGP is used by
small devices and thus we need to have an easy migration path towards a
v5 key.  The proposal also adds a textual representation format which
has always been out of scope in OpenPGP.



Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by federal law.

--=USCODE_Axis_of_Evil_industrial_espionage_high_security_unclassified=--


From nobody Wed Mar  1 12:22:46 2017
From: Werner Koch <wk@gnupg.org>
To: Thijs van Dijk <schnabbel@inurbanus.nl>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com> <CADGaDpFoBt1=eZHxo4q=Yb24NYyy1sudFn_h=MTZE3_wiRVXJw@mail.gmail.com>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Thijs van Dijk <schnabbel@inurbanus.nl>, Phillip Hallam-Baker <phill@hallambaker.com>, IETF OpenPGP <openpgp@ietf.org>
Date: Wed, 01 Mar 2017 21:15:58 +0100
In-Reply-To: <CADGaDpFoBt1=eZHxo4q=Yb24NYyy1sudFn_h=MTZE3_wiRVXJw@mail.gmail.com> (Thijs van Dijk's message of "Wed, 1 Mar 2017 20:41:45 +0100")
Message-ID: <87lgsoah35.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Abbas_counter_terrorism_advisors_Janet_Reno_Khaddafi_fissionable_Nor"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/1pTuO91G4kSL8XQ9_3RGXRdu5a4>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] V5 Fingerprint again

--=Abbas_counter_terrorism_advisors_Janet_Reno_Khaddafi_fissionable_Nor
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed,  1 Mar 2017 20:41, schnabbel@inurbanus.nl said:

> 1) Should we deprecate SHA1 in signatures? (Or did we already?)

This would break all existing signatures for no good reason.  Instead a
new v5 key format MUST NOT be used with signatures "weaker" than
SHA-256.

It is up to an implementation to decide what to do with old keys and
signature material.  The question is related to the old question of what to
do with an expired or revoked signature key: are all signatures then
suddenly untrustworthy or is there enough external context which allows
one to decide that the signed document is still intact?


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by federal law.

--=Abbas_counter_terrorism_advisors_Janet_Reno_Khaddafi_fissionable_Nor--


From nobody Wed Mar  1 13:01:55 2017
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
To: "'Werner Koch'" <wk@gnupg.org>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com> <CADGaDpFoBt1=eZHxo4q=Yb24NYyy1sudFn_h=MTZE3_wiRVXJw@mail.gmail.com> <87lgsoah35.fsf@wheatstone.g10code.de>
In-Reply-To: <87lgsoah35.fsf@wheatstone.g10code.de>
Date: Wed, 1 Mar 2017 16:02:05 -0500
Message-ID: <00cc01d292cf$1578a780$4069f680$@sixdemonbag.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QSgiIHfbCjxbYr4y1Spas6w-6NI>
Cc: 'IETF OpenPGP' <openpgp@ietf.org>
Subject: Re: [openpgp] V5 Fingerprint again

> > 1) Should we deprecate SHA1 in signatures? (Or did we already?)
>
> This would break all existing signatures for no good reason.  Instead a new v5
> key format MUST NOT be used with signatures "weaker" than SHA-256.

Deprecation is not the same as obsoleting.  Deprecation doesn't break
existing signatures; it just says new signatures MUST NOT use SHA-1.

It sounds as if you're agreeing with the deprecation suggestion.  Or am I
badly misunderstanding something?



From nobody Wed Mar  1 15:27:41 2017
To: openpgp@ietf.org
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com>
From: Leo Gaspard <leo@gaspard.io>
Message-ID: <d18152a6-084c-3728-809f-f14b86e85752@gaspard.io>
Date: Thu, 2 Mar 2017 00:27:22 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
In-Reply-To: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="CQ0sm4DsnrDm4g0PJ1qoVHA69wEm1j3lI"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/sqlmwF4FbnFLdg0c4mNXJ7u3j80>
Subject: Re: [openpgp] V5 Fingerprint again

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--CQ0sm4DsnrDm4g0PJ1qoVHA69wEm1j3lI
Content-Type: multipart/mixed; boundary="WTsdAtMnrR9aTds8DDmdBSRVg8NUGv8MH";
 protected-headers="v1"
From: Leo Gaspard <leo@gaspard.io>
To: openpgp@ietf.org
Message-ID: <d18152a6-084c-3728-809f-f14b86e85752@gaspard.io>
Subject: Re: [openpgp] V5 Fingerprint again
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com>
In-Reply-To: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com>

--WTsdAtMnrR9aTds8DDmdBSRVg8NUGv8MH
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 03/01/2017 06:30 PM, Phillip Hallam-Baker wrote:
> H(x) = SHA-2-512(x)

Hoping this hasn't been discussed before, but... is there a reason for
not picking SHA3-512? (or SHAKE256 with 25*8 bits of output if willing
to stay at 25 octets for the fingerprint)

This should push back the next required switch to a v6 key.


--WTsdAtMnrR9aTds8DDmdBSRVg8NUGv8MH--

--CQ0sm4DsnrDm4g0PJ1qoVHA69wEm1j3lI--


From nobody Wed Mar  1 16:12:31 2017
To: "Leo Gaspard" <leo@gaspard.io>, openpgp@ietf.org
From: "Derek Atkins" <derek@ihtfp.com>
Date: Wed, 01 Mar 2017 19:12:20 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_0_1488413540867"
Message-Id: <20170302001227.2CE73E2040@mail2.ihtfp.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/qNE62rYTwjaEA_GD-BKbdWujOfY>
Subject: Re: [openpgp] V5 Fingerprint again

------=_Part_0_1488413540867
Content-Type: text/plain;
	charset=utf-8
Content-Disposition: inline

Because the SHA3 competition showed us that SHA2 is a good hash... and SHA2 is much faster than SHA3.

-derek

Sent from my mobile device. Please excuse any typos.

----- Reply message -----
From: "Leo Gaspard" <leo@gaspard.io>
To: <openpgp@ietf.org>
Subject: [openpgp] V5 Fingerprint again
Date: Wed, Mar 1, 2017 6:27 PM

On 03/01/2017 06:30 PM, Phillip Hallam-Baker wrote:
> H(x) = SHA-2-512(x)

Hoping this hasn't been discussed before, but... is there a reason for
not picking SHA3-512? (or SHAKE256 with 25*8 bits of output if willing
to stay at 25 octets for the fingerprint)

This should push back the next required switch to a v6 key.

------=_Part_0_1488413540867--


From nobody Wed Mar  1 23:32:49 2017
From: Werner Koch <wk@gnupg.org>
To: "Robert J. Hansen" <rjh@sixdemonbag.org>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com> <CADGaDpFoBt1=eZHxo4q=Yb24NYyy1sudFn_h=MTZE3_wiRVXJw@mail.gmail.com> <87lgsoah35.fsf@wheatstone.g10code.de> <00cc01d292cf$1578a780$4069f680$@sixdemonbag.org>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "Robert J. Hansen" <rjh@sixdemonbag.org>, 'IETF OpenPGP' <openpgp@ietf.org>
Date: Thu, 02 Mar 2017 08:27:04 +0100
In-Reply-To: <00cc01d292cf$1578a780$4069f680$@sixdemonbag.org> (Robert J. Hansen's message of "Wed, 1 Mar 2017 16:02:05 -0500")
Message-ID: <87d1e09m0n.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=rail_gun_assassination_strategic_Plame_smuggle_NWO_lock_picking=plut"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/zN0KnDHaLocMKrl0-rzId5nIeQw>
Cc: 'IETF OpenPGP' <openpgp@ietf.org>
Subject: Re: [openpgp] V5 Fingerprint again

--=rail_gun_assassination_strategic_Plame_smuggle_NWO_lock_picking=plut
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed,  1 Mar 2017 22:02, rjh@sixdemonbag.org said:

> Deprecation is not the same as obsoleting.  Deprecation doesn't break
> existing signatures; it just says new signatures MUST NOT use SHA-1.

You are right.  De-facto SHA-1 is already deprecated and I am sure that
it is common understanding in the WG that this will also be written down
in 4880bis.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=rail_gun_assassination_strategic_Plame_smuggle_NWO_lock_picking=plut--


From nobody Thu Mar  2 00:05:06 2017
MIME-Version: 1.0
In-Reply-To: <00cc01d292cf$1578a780$4069f680$@sixdemonbag.org>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com> <CADGaDpFoBt1=eZHxo4q=Yb24NYyy1sudFn_h=MTZE3_wiRVXJw@mail.gmail.com> <87lgsoah35.fsf@wheatstone.g10code.de> <00cc01d292cf$1578a780$4069f680$@sixdemonbag.org>
From: Thijs van Dijk <schnabbel@inurbanus.nl>
Date: Thu, 2 Mar 2017 09:05:00 +0100
Message-ID: <CADGaDpHHKR-rL1ALG7S3yw2rGkjprFiSt+L9KfYQXfdymPh1Cg@mail.gmail.com>
To: "Robert J. Hansen" <rjh@sixdemonbag.org>
Content-Type: multipart/alternative; boundary=001a114e5a54beb7db0549bae28d
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/WceZJ2SqxeBh7PArzchs_1CroBU>
Cc: Werner Koch <wk@gnupg.org>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] V5 Fingerprint again

--001a114e5a54beb7db0549bae28d
Content-Type: text/plain; charset=UTF-8

On 1 March 2017 at 22:02, Robert J. Hansen <rjh@sixdemonbag.org> wrote:

> > > 1) Should we deprecate SHA1 in signatures? (Or did we already?)
> >
> > This would break all existing signatures for no good reason.  Instead a
> > new v5 key format MUST NOT be used with signatures "weaker" than SHA-256.
>
> Deprecation is not the same as obsoleting.  Deprecation doesn't break
> existing signatures; it just says new signatures MUST NOT use SHA-1.
>
> It sounds as if you're agreeing with the deprecation suggestion.  Or am I
> badly misunderstanding something?


Sorry if I wasn't clear before; I meant what Werner said.

-Thijs

--001a114e5a54beb7db0549bae28d--


From nobody Thu Mar  2 02:33:53 2017
To: openpgp@ietf.org
References: <20170302001227.2CE73E2040@mail2.ihtfp.org>
From: Leo Gaspard <leo@gaspard.io>
Message-ID: <e5504e15-7c76-d913-ce8e-0f888480cdce@gaspard.io>
Date: Thu, 2 Mar 2017 11:33:46 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
In-Reply-To: <20170302001227.2CE73E2040@mail2.ihtfp.org>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="BpDWN7dxnNxtQ9NQnpV3c82MIG9woMudV"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/NhwPknNmpHsGEH2ksbAfmO0i9P4>
Subject: Re: [openpgp] V5 Fingerprint again

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--BpDWN7dxnNxtQ9NQnpV3c82MIG9woMudV
Content-Type: multipart/mixed; boundary="uPSb0K0pPJ0cFa6hcfR7vOKnKJDO8H0iA";
 protected-headers="v1"
From: Leo Gaspard <leo@gaspard.io>
To: openpgp@ietf.org
Message-ID: <e5504e15-7c76-d913-ce8e-0f888480cdce@gaspard.io>
Subject: Re: [openpgp] V5 Fingerprint again
References: <20170302001227.2CE73E2040@mail2.ihtfp.org>
In-Reply-To: <20170302001227.2CE73E2040@mail2.ihtfp.org>

--uPSb0K0pPJ0cFa6hcfR7vOKnKJDO8H0iA
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 03/02/2017 01:12 AM, Derek Atkins wrote:
> Because the SHA3 competition showed us that SHA2 is a good hash...  and
> SHA2 is much faster than SHA3.

Not being a cryptographer I can't tell much about SHA2's security, but I
was told even if there is no flaw found at the moment in SHA2 the
construction it is based on (Merkle-Damgard) is the same as for MD5 and
SHA1 and has started to show some weaknesses, while SHA3 is based on the
sponge construction, which may be more secure.

As for the speed, if I read [1] correctly (which, granted, isn't a
given), SHA2 isn't "much faster" than SHA3, as keccak512 is faster than
sha256 while keccak1024 is slower than sha512 (for equivalent security).


[1] https://bench.cr.yp.to/results-sha3.html


--uPSb0K0pPJ0cFa6hcfR7vOKnKJDO8H0iA--

--BpDWN7dxnNxtQ9NQnpV3c82MIG9woMudV--


From nobody Thu Mar  2 03:41:37 2017
Date: Thu, 02 Mar 2017 12:41:27 +0100
User-Agent: K-9 Mail for Android
In-Reply-To: <87lgsoah35.fsf@wheatstone.g10code.de>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com> <CADGaDpFoBt1=eZHxo4q=Yb24NYyy1sudFn_h=MTZE3_wiRVXJw@mail.gmail.com> <87lgsoah35.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----UEE0YQZMY7DYNY594MNPLA5184XD2E"
Content-Transfer-Encoding: 7bit
To: openpgp@ietf.org
CC: IETF OpenPGP <openpgp@ietf.org>
From: Vincent Breitmoser <look@my.amazin.horse>
Message-ID: <9E0B568A-6BFB-402B-A445-C1B31FF4D9A6@my.amazin.horse>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/4y8Ujl4u30AGcifo2ckRt-i9TKg>
Subject: Re: [openpgp] V5 Fingerprint again

------UEE0YQZMY7DYNY594MNPLA5184XD2E
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable

I think we can go slightly further here for depreciation in implementation
logic: if a primary key is self signed with a stronger algorithm, a sha1
signature can be considered a security error. This avoids a downgrade
scenario and catches misconfigurations but should have little potential for
false positives.

The only scenario I can think of where this heuristic is off, is when the
sender doesn't create their key themselves and isn't itself capable of
stronger hashes. Not sure if that ever happens?

 - V
------UEE0YQZMY7DYNY594MNPLA5184XD2E--


From nobody Thu Mar  2 05:13:46 2017
MIME-Version: 1.0
In-Reply-To: <9E0B568A-6BFB-402B-A445-C1B31FF4D9A6@my.amazin.horse>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com> <CADGaDpFoBt1=eZHxo4q=Yb24NYyy1sudFn_h=MTZE3_wiRVXJw@mail.gmail.com> <87lgsoah35.fsf@wheatstone.g10code.de> <9E0B568A-6BFB-402B-A445-C1B31FF4D9A6@my.amazin.horse>
From: Thijs van Dijk <schnabbel@inurbanus.nl>
Date: Thu, 2 Mar 2017 14:13:41 +0100
Message-ID: <CADGaDpE-OzPafDO89=JB-6X=EER3AUnrGbCGi96vaN9E0vyydg@mail.gmail.com>
To: Vincent Breitmoser <look@my.amazin.horse>
Content-Type: multipart/alternative; boundary=001a1139ba66bb64200549bf327c
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/oyuEfMyxzkSgaO_JitqnQAeZWZg>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] V5 Fingerprint again

--001a1139ba66bb64200549bf327c
Content-Type: text/plain; charset=UTF-8

>
> I think we can go slightly further here for depreciation in implementation
> logic: if a primary key is self signed with a stronger algorithm, a sha1
> signature can be considered a security error. This avoids a downgrade
> scenario and catches misconfigurations but should have little potential for
> false positives.
>

Interesting. How do you envision handling an updated selfsig (e.g. to move
the expiration date forward) with a stronger hash than before?
To me, this seems like the most obvious upgrade path (i.e. a way for users
to force moving to a stronger hash), but when taken literally we've just
retroactively revoked all previous signatures.


> The only scenario I can think of where this heuristic is off, is when the
> sender doesn't create their key themselves and isn't itself capable of
> stronger hashes. Not sure if that ever happens?


One could have a gnuk or yubikey generate the key, and if the user agent
*defaults* to sha1 (regardless of whether or not it can support stronger
hashes) you'll have triggered this scenario.

-Thijs

--001a1139ba66bb64200549bf327c--


From nobody Thu Mar  2 05:31:09 2017
Date: Thu, 2 Mar 2017 14:31:05 +0100
From: Vincent Breitmoser <look@my.amazin.horse>
To: Thijs van Dijk <schnabbel@inurbanus.nl>
Message-ID: <20170302133105.3eijwflvyoddsqb7@calamity>
References: <CAMm+Lwju5i5xHt=ma6Ush4_4dfZNwOi2=2km+6Qja+sDbkvbxg@mail.gmail.com> <CADGaDpFoBt1=eZHxo4q=Yb24NYyy1sudFn_h=MTZE3_wiRVXJw@mail.gmail.com> <87lgsoah35.fsf@wheatstone.g10code.de> <9E0B568A-6BFB-402B-A445-C1B31FF4D9A6@my.amazin.horse> <CADGaDpE-OzPafDO89=JB-6X=EER3AUnrGbCGi96vaN9E0vyydg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CADGaDpE-OzPafDO89=JB-6X=EER3AUnrGbCGi96vaN9E0vyydg@mail.gmail.com>
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/J7sk95bJJ8CSJL7e0GA61vV0xkc>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] V5 Fingerprint again

> Interesting. How do you envision handling an updated selfsig (e.g. to move
> the expiration date forward) with a stronger hash than before?
> To me, this seems like the most obvious upgrade path (i.e. a way for users
> to force moving to a stronger hash), but when taken literally we've just
> retroactively revoked all previous signatures.

I don't think this works as an upgrade path really. Both for the reason
you mention, and also because packets can be suppressed. The best we can
probably do here is try and not allow worse than the weakest link.

> One could have a gnuk or yubikey generate the key, and if the user agent
> *defaults* to sha1 (regardless of whether or not it can support stronger
> hashes) you'll have triggered this scenario.

Seems like a good outcome if this type of misconfiguration is punished.

 - V
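
An added example, not part of the original messages and not taken from any OpenPGP implementation: the check proposed in this sub-thread and the "weakest link" fallback, evaluated over the cases raised in the replies. The hash IDs are those of RFC 4880; the strength ranking, the function names, the sample keys and the reading of "weakest link" as the weakest self-signature hash the verifier has seen are assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum


class HashAlgo(IntEnum):
    """Hash algorithm IDs as assigned in RFC 4880, section 9.4."""
    MD5 = 1
    SHA1 = 2
    RIPEMD160 = 3
    SHA256 = 8
    SHA384 = 9
    SHA512 = 10
    SHA224 = 11


# Assumed policy ranking (higher is stronger); a local choice, not from the thread.
RANK = {
    HashAlgo.MD5: 0, HashAlgo.SHA1: 1, HashAlgo.RIPEMD160: 2,
    HashAlgo.SHA224: 3, HashAlgo.SHA256: 4, HashAlgo.SHA384: 5,
    HashAlgo.SHA512: 6,
}


@dataclass(frozen=True)
class Sig:
    hash_algo: HashAlgo
    label: str  # constructed description, for reporting only


def strict_rule(selfsigs, sig):
    """The proposal taken literally: a SHA-1 signature is an error as soon
    as any self-signature on the primary key uses a stronger hash."""
    if not selfsigs:
        raise ValueError("no self-signature available for the primary key")
    if sig.hash_algo != HashAlgo.SHA1:
        return "ok"
    stronger = any(RANK[s.hash_algo] > RANK[HashAlgo.SHA1] for s in selfsigs)
    return "error" if stronger else "ok"


def weakest_link_rule(selfsigs, sig):
    """One reading of 'not worse than the weakest link': the floor is the
    weakest hash among the self-signatures the verifier has seen."""
    if not selfsigs:
        raise ValueError("no self-signature available for the primary key")
    floor = min(RANK[s.hash_algo] for s in selfsigs)
    return "ok" if RANK[sig.hash_algo] >= floor else "error"


def check_all():
    """Run both rules over constructed cases; returns {case: (strict, weakest)}."""
    legacy_key = [Sig(HashAlgo.SHA1, "original self-signature")]
    # Same key after the owner refreshes the self-signature with SHA-256.
    refreshed_key = legacy_key + [Sig(HashAlgo.SHA256, "refreshed self-signature")]
    # Key whose only self-signature was made with SHA-256 (e.g. on a token).
    token_key = [Sig(HashAlgo.SHA256, "token-generated self-signature")]
    sha1_sig = Sig(HashAlgo.SHA1, "document signature")
    sha256_sig = Sig(HashAlgo.SHA256, "document signature")

    cases = {
        "legacy key, SHA-1 signature": (legacy_key, sha1_sig),
        # The retroactive effect: an older SHA-1 signature is now rejected.
        "refreshed key, older SHA-1 signature": (refreshed_key, sha1_sig),
        # The verifier never receives the refreshed self-signature packet.
        "refreshed key, newer self-signature suppressed": (refreshed_key[:1], sha1_sig),
        # Strong self-signature, but the signing agent defaults to SHA-1.
        "token key, agent defaults to SHA-1": (token_key, sha1_sig),
        "token key, SHA-256 signature": (token_key, sha256_sig),
    }
    return {
        name: (strict_rule(key, sig), weakest_link_rule(key, sig))
        for name, (key, sig) in cases.items()
    }


if __name__ == "__main__":
    for name, (strict, weakest) in check_all().items():
        print(f"{name:48} strict={strict:5} weakest-link={weakest}")
```

The two rules agree on every case except the refreshed key, and the strict rule's verdict there depends on which self-signature packets reach the verifier.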


From nobody Fri Mar  3 09:12:41 2017
Date: Fri, 3 Mar 2017 17:12:36 +0000
From: KellerFuchs <KellerFuchs@hashbang.sh>
To: Derek Atkins <derek@ihtfp.com>
Message-ID: <20170303171236.GB2@hashbang.sh>
References: <20170302001227.2CE73E2040@mail2.ihtfp.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20170302001227.2CE73E2040@mail2.ihtfp.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ntFPfaT6Z17fbsINMMJzAeZqiDU>
Cc: Leo Gaspard <leo@gaspard.io>, openpgp@ietf.org
Subject: Re: [openpgp] V5 Fingerprint again

On Wed, Mar 01, 2017 at 07:12:20PM -0500, Derek Atkins wrote:
> On  Wed, Mar 1, 2017 6:27 PM, Leo Gaspard <leo@gaspard.io> wrote:
> > On 03/01/2017 06:30 PM, Phillip Hallam-Baker wrote:
> > > H(x) = SHA-2-512(x)
> > 
> > Hoping this hasn't been discussed before, but... is there a reason for
> > not picking SHA3-512? (or SHAKE256 with 25*8 bits of output if willing
> > to stay at 25 octets for the fingerprint)
>
> Because the SHA3 competition showed us that SHA2 is a good hash...  and SHA2 is much faster than SHA3.

BLAKE2 is faster than either (2-3× faster than SHA-2, depending on configuration,
and about 3-5× faster than SHA-3), and designed for ease-of-implementation on a
variety of platforms, and was standardized as [RFC 7693].

It's widely-regarded as secure; quoting the SHA-3 final report [0]:

> BLAKE and Keccak have very large security margins. [...]
> Skein and BLAKE have no known distinguishing attacks that come close to threatening their
> full-round versions.  Grøstl, Skein, and BLAKE have a large number of attack papers reflecting
> considerable depth of analysis.


Moreover, quite a few projects already picked it as their hash function of
choice, due to said advantages, so there is existing library support and
we can likely expect that to be true for quite some time.


In that context, is there something I missed which says
we can't have our cake and eat it too?


Best,

  kf


[0]: http://nvlpubs.nist.gov/nistpubs/ir/2012/NIST.IR.7896.pdf
[RFC 7693]: https://tools.ietf.org/html/rfc7693

> 
> -derek
> 
> Sent from my mobile device. Please excuse any typos.
> 
> ----- Reply message -----
> From: "Leo Gaspard" <leo@gaspard.io>
> To: <openpgp@ietf.org>
> Subject: [openpgp] V5 Fingerprint again
> Date: Wed, Mar 1, 2017 6:27 PM
> 
> On 03/01/2017 06:30 PM, Phillip Hallam-Baker wrote:
> > H(x) = SHA-2-512(x)
> 
> Hoping this hasn't been discussed before, but... is there a reason for
> not picking SHA3-512? (or SHAKE256 with 25*8 bits of output if willing
> to stay at 25 octets for the fingerprint)
> 
> This should push back the next required switch to a v6 key.



From nobody Tue Mar  7 09:52:57 2017
From: Werner Koch <wk@gnupg.org>
To: openpgp@ietf.org
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: openpgp@ietf.org
Date: Tue, 07 Mar 2017 18:48:05 +0100
Message-ID: <87varlou5m.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=NWO_World_Trade_Center_explosion_MILSATCOM_AIEWS_Vickie_Weaver_LLNL="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/2iokZPqM1R_EQxzv8_o0zYPrl7c>
Subject: [openpgp] Version 5 key and fingerprint proposal

--=NWO_World_Trade_Center_explosion_MILSATCOM_AIEWS_Vickie_Weaver_LLNL=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi!

Find my proposal for a V5 key and a new fingerprint scheme below and
also with a colored diff at

  <https://gitlab.com/openpgp-wg/rfc4880bis/commit/ba4f884c6d5483071d6adbc1e43978b60980440a>

Note that the patch builds upon

  commit e5a0caef2d5cc291118db58a477d3c034b0997cc
  Author: Werner Koch <wk@gnupg.org>
  Date:   Tue Mar 7 11:52:27 2017 +0100

    Factor key algorithm specific parts out to a new section.
    
    Aside from having the public and secret key parameters now close
    together, this editorial change will make it easier to add a new
    key packet format and prepares for algorithms which can't be described
    by a list of MPIs (which is actually already the case for ECC keys).


Comments?


Shalom-Salam,

   Werner

=====
From ba4f884c6d5483071d6adbc1e43978b60980440a Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 7 Mar 2017 17:48:15 +0100
Subject: [PATCH] Specify a v5 key version and a new fingerprint scheme.

The v5 key version is introduced
  a) to trigger the use of the new fingerprint scheme,
  b) to prepare for algorithms which need keys larger than 64k,
  c) to ease parsing of unknown algorithms.

The fingerprint algorithm uses SHA-256 because
  a) 32 octets are sufficient for a fingerprint
     (#include "640k-ram-will-always-be-enough.joke"),
  b) SHA-256 is well matured and widely available,
  c) SHA-256 is faster than SHA-512 on embedded platforms,
  d) implementations need to support SHA-256 anyway because it is
     the commonly used hash algorithm for signatures.

Although the fingerprint is specified at full length it is truncated
to 25 octets for purposes of the OpenPGP spec.  This is so that
signatures are not too much enlarged without a good reason.

A human readable representation of the fingerprint is not given
because that was never done in OpenPGP.  Implementations may for
example use

  1122334455 6677889900 aabbccddee ff00112233 4455667788
or
  11223 34455 66778 89900 aabbc cddee ff001 12233 44556 67788

to show fingerprints.

The Key ID is still defined because the 64 bits do not pose a problem
when used to select the decryption key.  The leftmost 64 bits of
the fingerprint are used (v4 uses the rightmost).

Aside from a few editorial changes the actual changes are:

* Revocation key and Issuer Fingerprint:

  - For a V5 key the 25 leftmost octets are used.

* Public key packet:

  - New four-octet count of the public key material.
    This is to ease parsing.

* Secret key packet

  - S2K Usage octet MUST NOT be 255.
    That is, V5 keys require the SHA-1 checksum but
    we may want to drop this in favor of an AEAD mode.

  - New one-octet count of the S2K parameters.
    This is to ease parsing.

  - New four-octet count of the secret key material.
    This is to ease parsing.

* Key IDs and Fingerprint

  - The V5 fingerprint uses SHA-256

  - The magic header is changed from 0x99 + two-octets length header
    to 0x9a = four-octet length header.  The four-octet public key
    material count is inserted.

* EC DH Algorithm

  - For the 20 octets representing a recipient in the KDF parameters
    the v5 fingerprint truncated to 20 octets is used.
=2D--
 middle.mkd | 98 +++++++++++++++++++++++++++++++++++++++++++++++++++-------=
----
 1 file changed, 81 insertions(+), 17 deletions(-)

diff --git a/middle.mkd b/middle.mkd
index 462730b..1cd9f86 100644
=2D-- a/middle.mkd
+++ b/middle.mkd
@@ -1279,8 +1279,11 @@ #### {5.2.3.14} Regular Expression
=20
 #### {5.2.3.15} Revocation Key
=20
=2D(1 octet of class, 1 octet of public-key algorithm ID, 20 octets of
=2Dfingerprint)
+(1 octet of class, 1 octet of public-key algorithm ID, 20 or 25 octets
+of fingerprint)
+
+V4 keys use the untruncated 20 octet fingerprint; V5 keys use the
+right truncated 25 octet fingerprint
=20
 Authorizes the specified key to issue revocation signatures for this
 key.  Class octet must have bit 0x80 set.  If the bit 0x40 is set, then
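Review bot: "right truncated 25 octet fingerprint" in the added sentence can be read either as keeping the rightmost 25 octets or as cutting octets off the right end, and the sentence is missing its final period. With the layout "(1 octet of class, 1 octet of public-key algorithm ID, 20 or 25 octets of fingerprint)" the subpacket length is the only thing that tells a V4 fingerprint from a V5 one, so say "the leftmost 25 octets of the fingerprint" and state what a receiver does with any other length.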
@@ -1629,7 +1632,9 @@ #### Issuer Fingerprint
 64 bits of the fingerprint.
=20
 Note that the length N of the fingerprint for a version 4 key is 20
=2Doctets.
+octets.  For a version 5 key N is 25 and the fingerprint is right
+truncated to 25 octets.
+
=20
 ### {5.2.4} Computing Signatures
=20
@@ -1888,6 +1893,27 @@ ### {5.5.2} Public-Key Packet Formats
   * A series of values comprising the key material.  This is
     algorithm-specific and described in section XXXX.
=20
+The version 5 format is similar to the version 4 format except for the
+addition of a count for the key material.  This count helps parsing
+secret key packets (which are an extension of the public key packet
+format) in the case of an unknown algoritm.  In addition, fingerprints
+of version 5 keys are calculated differently from version 4 keys, as
+described in the section "Enhanced Key Formats".
+
+A version 5 packet contains:
+
+  * A one-octet version number (5).
+
+  * A four-octet number denoting the time that the key was created.
+
+  * A one-octet number denoting the public-key algorithm of this
+    key.
+
+  * A four-octet scalar octet count for the following key material.
+
+  * A series of values comprising the key material.  This is
+    algorithm-specific and described in section XXXX.
+
=20
 ### {5.5.3} Secret-Key Packet Formats
=20
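Review bot: the new item "A four-octet scalar octet count for the following key material" does not say what an implementation must do when the count disagrees with the length obtained by parsing the algorithm-specific fields of a known algorithm, or when it runs past the end of the packet. Suggest requiring rejection in both cases, so that two implementations cannot interpret the same packet differently. Also, "algoritm" in the first added paragraph should read "algorithm".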
@@ -1903,7 +1929,10 @@ ### {5.5.3} Secret-Key Packet Formats
     indicates that the secret-key data is not encrypted.  255 or
     254 indicates that a string-to-key specifier is being given.
     Any other value is a symmetric-key encryption algorithm
=2D    identifier.
+    identifier.  A version 5 packet MUST NOT use the value 255.
+
+  * Only for a version 5 packet, a one-octet scalar octet count of the
+    next 3 optional fields.
=20
   * [Optional] If string-to-key usage octet was 255 or 254, a one-
     octet symmetric encryption algorithm.
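Review bot: the added "one-octet scalar octet count of the next 3 optional fields" does not say whether the octet is present, with value zero, when the string-to-key usage octet is 0 and none of the optional fields follow. Suggest stating that explicitly, and adjusting the following item, which still reads "was 255 or 254" although the line above now forbids 255 for a version 5 packet.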
@@ -1916,6 +1945,9 @@ ### {5.5.3} Secret-Key Packet Formats
     octet not zero), an Initial Vector (IV) of the same length as
     the cipher's block size.
=20
+  * Only for a version 5 packet, a four-octet scalar octet count for
+    the following key material.
+
   * Plain or encrypted series of values comprising the secret key
     material.  This is algorithm-specific and described in section
     XXXX.
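Review bot: the added four-octet count covers "the following key material", but the text does not say whether that includes the checksum item that follows, or whether the count refers to the encrypted or the plaintext length when the material is protected. Suggest spelling out exactly which octets are counted, since a parser skipping an unknown algorithm relies on this number alone.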
@@ -1929,6 +1961,8 @@ ### {5.5.3} Secret-Key Packet Formats
     (if string-to-key usage octet is not zero).  Note that for all
     other values, a two-octet checksum is required.
=20
+Note that the version 5 packet format adds two count values
+to help parsing packets with unknown S2K or public key algorithms.
=20
 Secret MPI values can be encrypted using a passphrase.  If a string-
 to-key specifier is given, that describes the algorithm for converting
@@ -1948,8 +1982,8 @@ ### {5.5.3} Secret-Key Packet Formats
 at the beginning of each new MPI value, so that the CFB block boundary
 is aligned with the start of the MPI data.
=20
=2DWith V4 keys, a simpler method is used.  All secret MPI values are
=2Dencrypted in CFB mode, including the MPI bitcount prefix.
+With V4 and V5 keys, a simpler method is used.  All secret MPI values
+are encrypted in CFB mode, including the MPI bitcount prefix.
=20
 The two-octet checksum that follows the algorithm-specific portion is
 the algebraic sum, mod 65536, of the plaintext of all the algorithm-
@@ -3475,17 +3509,15 @@ ## {12.2} Key IDs and Fingerprints
=20
     a.1) 0x99 (1 octet)
=20
=2D    a.2) high-order length octet of (b)-(e) (1 octet)
=2D
=2D    a.3) low-order length octet of (b)-(e) (1 octet)
+    a.2) two-octet scalar octet count of (b)-(e)
=20
=2D         b) version number =3D 4 (1 octet);
+    b) version number =3D 4 (1 octet);
=20
=2D         c) timestamp of key creation (4 octets);
+    c) timestamp of key creation (4 octets);
=20
=2D         d) algorithm (1 octet): 17 =3D DSA (example);
+    d) algorithm (1 octet): 17 =3D DSA (example);
=20
=2D         e) Algorithm-specific fields.
+    e) Algorithm-specific fields.
=20
     Algorithm-Specific Fields for DSA keys (example):
=20
@@ -3497,18 +3529,49 @@ ## {12.2} Key IDs and Fingerprints
=20
     e.4) MPI of DSA public-key value y (=3D g\*\*x mod p where x is secret=
).
=20
+A V5 fingerprint is the 256-bit SHA-256 hash of the octet 0x99, followed
+by the four-octet packet length, followed by the entire Public-Key
+packet starting with the version field.  The Key ID is the high-order 64
+bits of the fingerprint.  Here are the fields of the hash material,
+with the example of a DSA key:
+
+    a.1) 0x9A (1 octet)
+
+    a.2) four-octet scalar octet count of (b)-(f)
+
+    b) version number =3D 5 (1 octet);
+
+    c) timestamp of key creation (4 octets);
+
+    d) algorithm (1 octet): 17 =3D DSA (example);
+
+    e) four-octet scalar octet count for the following key material;
+
+    f) algorithm-specific fields.
+
+    Algorithm-Specific Fields for DSA keys (example):
+
+    f.1) MPI of DSA prime p;
+
+    f.2) MPI of DSA group order q (q is a prime divisor of p-1);
+
+    f.3) MPI of DSA group generator g;
+
+    f.4) MPI of DSA public-key value y (=3D g\*\*x mod p where x is secret=
).
+
 Note that it is possible for there to be collisions of Key IDs -- two
 different keys with the same Key ID.  Note that there is a much
 smaller, but still non-zero, probability that two different keys have
 the same fingerprint.
=20
=2DAlso note that if V3 and V4 format keys share the same RSA key
+Also note that if V3, V4, and V5 format keys share the same RSA key
 material, they will have different Key IDs as well as different
 fingerprints.
=20
 Finally, the Key ID and fingerprint of a subkey are calculated in the
=2Dsame way as for a primary key, including the 0x99 as the first octet
=2D(even though this is not a valid packet ID for a public subkey).
+same way as for a primary key, including the 0x99 (V3 and V4 key) or
+0x9A (V5 key) as the first octet (even though this is not a valid
+packet ID for a public subkey).
=20
 # Elliptic Curve Cryptography
=20
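Review bot: the added paragraph says the V5 fingerprint hashes "the octet 0x99, followed by the four-octet packet length", while the field list right below it gives a.1) as 0x9A and the last changed paragraph says "0x9A (V5 key)". The paragraph should read 0x9A as well; as written, two implementations following different sentences would compute different fingerprints for the same key.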
@@ -3648,7 +3711,8 @@ ## EC DH Algorithm (ECDH)
=20
   - 20 octets representing a recipient encryption subkey or a master
     key fingerprint, identifying the key material that is needed for
=2D    the decryption.
+    the decryption.  For version 5 keys the fingerprint is right
+    truncated to 20 octets.
=20
 The size of the KDF parameters sequence, defined above, is either 54
 for the NIST curve P-256 or 51 for the curves P-384 and P-521.
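Review bot: the added sentence truncates to 20 octets here while the Revocation Key and Issuer Fingerprint changes use 25 octets, and the reason is left implicit. Presumably this keeps the KDF parameter sizes in the next paragraph (54 and 51) unchanged; suggest saying so, and writing "the 20 leftmost octets of the fingerprint" instead of "right truncated".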
=2D-=20
2.8.1



-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=NWO_World_Trade_Center_explosion_MILSATCOM_AIEWS_Vickie_Weaver_LLNL=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCWL7yVQAKCRD/gK6dHew1
jTnUAPsGkC7wlEIuxt2i4JlUNvY287ZvYS3VR0Kzn+ZUr5vaQAD+OBHxgi1jzOZO
Awg0UojvKEuglK9fR+fErqcrT2RRuw0=
=1t9D
-----END PGP SIGNATURE-----
--=NWO_World_Trade_Center_explosion_MILSATCOM_AIEWS_Vickie_Weaver_LLNL=--


From nobody Tue Mar  7 15:06:09 2017
Date: Tue, 7 Mar 2017 23:06:05 +0000
From: KellerFuchs <KellerFuchs@hashbang.sh>
To: openpgp@ietf.org
Message-ID: <20170307230605.GA2@hashbang.sh>
References: <87varlou5m.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87varlou5m.fsf@wheatstone.g10code.de>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/CmDxp3k7AiRk7dQeQLdWq84fW0E>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

On Tue, Mar 07, 2017 at 06:48:05PM +0100, Werner Koch wrote:
> Hi!
> 
> Find my proposal for a V5 key and a new fingerprint scheme below and
> also with a colored diff at
> 
>   <https://gitlab.com/openpgp-wg/rfc4880bis/commit/ba4f884c6d5483071d6adbc1e43978b60980440a>

Thanks a lot for doing this.


> [...]
> =====
> From ba4f884c6d5483071d6adbc1e43978b60980440a Mon Sep 17 00:00:00 2001
> From: Werner Koch <wk@gnupg.org>
> Date: Tue, 7 Mar 2017 17:48:15 +0100
> Subject: [PATCH] Specify a v5 key version and a new fingerprint scheme.
> [...]
> ---
>  middle.mkd | 98 +++++++++++++++++++++++++++++++++++++++++++++++++++-----------
>  1 file changed, 81 insertions(+), 17 deletions(-)
> 
> diff --git a/middle.mkd b/middle.mkd
> index 462730b..1cd9f86 100644
> --- a/middle.mkd
> +++ b/middle.mkd
> @@ -1279,8 +1279,11 @@ #### {5.2.3.14} Regular Expression
>  
>  #### {5.2.3.15} Revocation Key
>  
> -(1 octet of class, 1 octet of public-key algorithm ID, 20 octets of
> -fingerprint)
> +(1 octet of class, 1 octet of public-key algorithm ID, 20 or 25 octets
> +of fingerprint)
> +
> +V4 keys use the untruncated 20 octet fingerprint; V5 keys use the
> +right truncated 25 octet fingerprint

This is the first occurrence of “right truncated”, as far as I can tell.

Since it's not entirely clear (at least to me) if this means keeping the 20
rightmost octets or dropping octets right of the 25th, not introducing it
is not ideal.

Furthermore, this hints at there being a left-truncation too, and having
both seems like a source of confusion. What about simply calling this “the
truncated 25-octets fingerprint” ?


Also, but I likely missed the relevant WG thread, why truncate the
fingerprint to 200 bits? (Not that this is likely an issue.)


Best,

  kf


From nobody Wed Mar  8 02:28:10 2017
From: Werner Koch <wk@gnupg.org>
To: KellerFuchs <KellerFuchs@hashbang.sh>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: KellerFuchs <KellerFuchs@hashbang.sh>, openpgp@ietf.org
Date: Wed, 08 Mar 2017 08:02:54 +0100
In-Reply-To: <20170307230605.GA2@hashbang.sh> (KellerFuchs@hashbang.sh's message of "Tue, 7 Mar 2017 23:06:05 +0000")
Message-ID: <87efy8ntcx.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=domestic_disruption_undercover_ARPA_CDMA_Kennedy_S_Key_Crowell_Reno="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Q5TkKR3GBCv1gsMjiNkdjv_8hzA>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

--=domestic_disruption_undercover_ARPA_CDMA_Kennedy_S_Key_Crowell_Reno=
Content-Type: text/plain

On Wed,  8 Mar 2017 00:06, KellerFuchs@hashbang.sh said:

> Since it's not entirely clear (at least to me) if this means keeping the 20
> rightmost octets or dropping octets right of the 25th, not introducing it
> is not ideal.

What about this:

  -V4 keys use the untruncated 20 octet fingerprint; V5 keys use the
  -right truncated 25 octet fingerprint
  +V4 keys use the full 20 octet fingerprint; V5 keys use the
  +leftmost 25 octets of the fingerprint

   Note that the length N of the fingerprint for a version 4 key is 20
  -octets.  For a version 5 key N is 25 and the fingerprint is right
  -truncated to 25 octets.
  +octets.  For a version 5 key the leftmost 25 octets of the fingerprint
  +are used (N=25).

       key fingerprint, identifying the key material that is needed for
  -    the decryption.  For version 5 keys the fingerprint is right
  -    truncated to 20 octets.
  +    the decryption.  For version 5 keys the 20 leftmost octets of the
  +    fingerprint are used.


> Also, but I likely missed the relevant WG thread, why truncate the
> fingerprint to 200 bits? (Not that this is likely an issue.)

That was a suggestion from the Berlin meeting.

Given that even for SHA-1 no pre-image attack is known, we get quite
some security margin by using 200 bits from SHA-256 over the 160 from
SHA-1.

When a truncated SHA-256 shows weaknesses we only need to replace two
signature subpackets but the fingerprint won't change.

Due to the use of the 'Issuer Fingerprint' the signatures grow in size by
22 octets which is substantial for ECC signatures.  With the full V5
fingerprint this would increase to 25 octets (34 - 9 from the not used
'Issuer' subpacket).  By truncating the fingerprint we will only use 18
octets which is even a saving compared to V4 keys.


Shalom-Salam,

   Werner

--=domestic_disruption_undercover_ARPA_CDMA_Kennedy_S_Key_Crowell_Reno=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCWL+sngAKCRD/gK6dHew1
jVqUAQCzgUKl4+RNfkWR232qdedoYdAFtSByezjblG1yvZzwmQEAoHO2Bd4X4lMw
ePktIhm6rQinMtdDLC0X7Zsxeir3Gg4=
=vtU1
-----END PGP SIGNATURE-----
--=domestic_disruption_undercover_ARPA_CDMA_Kennedy_S_Key_Crowell_Reno=--
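
Added example (not part of the original messages or of the rfc4880bis text): a Python sketch of the fingerprint scheme proposed in this thread, using the "leftmost" wording from the reply above and the 0x9A first octet from the commit message and field list. The key values, the timestamp, all function names and the strict count check in parse_v5_public are assumptions made for illustration.

```python
import hashlib
import struct

# Constructed sample key: toy DSA-style numbers, far too small for real use.
CREATED = 1488905295   # constructed creation time (seconds since epoch)
ALGO_DSA = 17          # algorithm ID used as the example in the patch


def mpi(n):
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


MATERIAL = b"".join(mpi(x) for x in (0xE95F, 0x0B, 0x4D2, 0x1A85))  # p, q, g, y


def public_key_body(version, created, algo, material):
    """Public-key packet body, starting with the version octet."""
    head = bytes([version]) + struct.pack(">I", created) + bytes([algo])
    if version == 5:
        # New in v5: four-octet count of the key material that follows.
        head += struct.pack(">I", len(material))
    elif version != 4:
        raise ValueError("only v4 and v5 bodies are modelled here")
    return head + material


def fingerprint(body):
    """v4: SHA-1 over 0x99 + 2-octet length; v5: SHA-256 over 0x9A + 4-octet length."""
    if body[0] == 4:
        return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()
    if body[0] == 5:
        return hashlib.sha256(b"\x9a" + struct.pack(">I", len(body)) + body).digest()
    raise ValueError("unsupported key version")


def key_id(body):
    """v5 takes the leftmost 64 bits of the fingerprint, v4 the rightmost."""
    fp = fingerprint(body)
    return fp[:8] if body[0] == 5 else fp[-8:]


def subpacket_fingerprint(body):
    """Value for Revocation Key / Issuer Fingerprint: full v4, leftmost 25 octets for v5."""
    fp = fingerprint(body)
    return fp[:25] if body[0] == 5 else fp


def ecdh_kdf_fingerprint(body):
    """The ECDH KDF parameters keep a 20-octet field: leftmost 20 octets for v5."""
    return fingerprint(body)[:20]


def parse_v5_public(body):
    """Split a v5 public-key body without knowing the algorithm's field layout.

    Assumption: a count that does not match the remaining octets is rejected.
    """
    if len(body) < 10 or body[0] != 5:
        raise ValueError("not a v5 public-key body")
    created, algo, count = struct.unpack(">IBI", body[1:10])
    material = body[10:]
    if count != len(material):
        raise ValueError("key material count does not match packet body")
    return created, algo, material


def show(fp, group):
    """Hex display in fixed-size groups, as in the commit message examples."""
    digits = fp.hex()
    return " ".join(digits[i:i + group] for i in range(0, len(digits), group))


if __name__ == "__main__":
    for version in (4, 5):
        body = public_key_body(version, CREATED, ALGO_DSA, MATERIAL)
        print("v%d fingerprint:" % version, fingerprint(body).hex())
        print("v%d key ID     :" % version, key_id(body).hex())
        print("v%d subpacket  :" % version, show(subpacket_fingerprint(body), 10))
    print("parsed v5 body :", parse_v5_public(public_key_body(5, CREATED, ALGO_DSA, MATERIAL)))
```
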


From nobody Thu Mar  9 04:41:21 2017
Date: Thu, 9 Mar 2017 13:41:10 +0100
From: Vincent Breitmoser <look@my.amazin.horse>
To: openpgp@ietf.org
Message-ID: <20170309124110.2t3nciyq2lqjjrk7@calamity>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87efy8ntcx.fsf@wheatstone.g10code.de>
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/s-tksAFUmPrCt4uWpHdoePKXXdg>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

> > Also, but I likely missed the relevant WG thread, why truncate the
> > fingerprint to 200 bits? (Not that this is likely an issue.)
> 
> That was a suggestion from the Berlin meeting.

Can you (or someone else) give some more insight on the requirements
that were identified as a basis for this suggestion?

The SHA-3 contest reaffirmed that SHA-2 is doing just fine in terms of
cryptanalysis, so 160 bits truncated SHA-2 would be just fine even if we
consider strong collision resistance a requirement. But we had this
topic before, and from what I remember no one was able to come up with an
attack scenario where a collision would be useful in any way. Still the
idea now is to add another 40 bits on top?

 - V


From nobody Thu Mar  9 09:45:37 2017
Date: Thu, 9 Mar 2017 17:45:31 +0000
From: KellerFuchs <KellerFuchs@hashbang.sh>
To: openpgp@ietf.org
Message-ID: <20170309174531.GB2@hashbang.sh>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87efy8ntcx.fsf@wheatstone.g10code.de>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/hl7yoC1qqp-ymt0uuBWEOnqoGko>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

On Wed, Mar 08, 2017 at 08:02:54AM +0100, Werner Koch wrote:
> On Wed,  8 Mar 2017 00:06, KellerFuchs@hashbang.sh said:
> 
> > Since it's not entirely clear (at least to me) if this means keeping the 20
> > rightmost octets or dropping octets right of the 25th, not introducing it
> > is not ideal.
> 
> What about this:

This is very nice: basically as concise, and completely unambiguous
so it doesn't need a definition  :)


> [...]
> > Also, but I likely missed the relevant WG thread, why truncate the
> > fingerprint to 200 bits? (Not that this is likely an issue.)
> 
> That was a suggestion from the Berlin meeting.
> 
> Given that even for SHA-1 no pre-image attack is known, we get quite
> some security margin by using 200 bits from SHA-256 over the 160 from
> SHA-1.
> 
> When a truncated SHA-256 shows weaknesses we only need to replace two
> signature subpackets but the fingerprint won't change.
> 
> Due to the use of the 'Issuer Fingerprint' the signatures grow in size by
> 22 octets which is substantial for ECC signatures.  With the full V5
> fingerprint this would increase to 25 octets (34 - 9 from the not used
> 'Issuer' subpacket).  By truncating the fingerprint we will only use 18
> octets which is even a saving compared to V4 keys.

Thanks a bunch for the explanation, this makes sense.


Best,

  kf


From nobody Thu Mar  9 10:47:49 2017
Date: Thu, 9 Mar 2017 18:47:45 +0000
From: KellerFuchs <KellerFuchs@hashbang.sh>
To: openpgp@ietf.org
Message-ID: <20170309184745.GC2@hashbang.sh>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20170309174531.GB2@hashbang.sh>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Qm71B4dAgjBXGu-nAD7AU9AnqCg>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

On Thu, Mar 09, 2017 at 05:45:31PM +0000, KellerFuchs wrote:
> On Wed, Mar 08, 2017 at 08:02:54AM +0100, Werner Koch wrote:
> > That was a suggestion from the Berlin meeting.
> > 
> > Given that even for SHA-1 no pre-image attack is known, we get quite
> > some security margin by using 200 bits from SHA-256 over the 160 from
> > SHA-1.
> > [...]
> 
> Thanks a bunch for the explanation, this makes sense.

PS: I still don't get what's the advantage of SHA-256 there over Blake2,
    given the current library support situation, security analysis and
    performance.


From nobody Thu Mar  9 11:11:47 2017
Return-Path: <ekr@rtfm.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C8A41297FE for <openpgp@ietfa.amsl.com>; Thu,  9 Mar 2017 11:11:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yhwp18Yi_8g9 for <openpgp@ietfa.amsl.com>; Thu,  9 Mar 2017 11:11:45 -0800 (PST)
Received: from mail-yb0-x232.google.com (mail-yb0-x232.google.com [IPv6:2607:f8b0:4002:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0464A1297F0 for <openpgp@ietf.org>; Thu,  9 Mar 2017 11:11:45 -0800 (PST)
Received: by mail-yb0-x232.google.com with SMTP id g132so4899569ybg.3 for <openpgp@ietf.org>; Thu, 09 Mar 2017 11:11:44 -0800 (PST)
X-Received: by 10.37.201.196 with SMTP id z187mr5254298ybf.161.1489086704167;  Thu, 09 Mar 2017 11:11:44 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.154.210 with HTTP; Thu, 9 Mar 2017 11:11:03 -0800 (PST)
In-Reply-To: <20170309184745.GC2@hashbang.sh>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 9 Mar 2017 11:11:03 -0800
Message-ID: <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com>
To: KellerFuchs <KellerFuchs@hashbang.sh>
Content-Type: multipart/alternative; boundary=001a114d88ea0ac142054a510491
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/xjrOzlTd6Dan3FGE4ha5FxLfcvs>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Mar 2017 19:11:46 -0000

--001a114d88ea0ac142054a510491
Content-Type: text/plain; charset=UTF-8

On Thu, Mar 9, 2017 at 10:47 AM, KellerFuchs <KellerFuchs@hashbang.sh>
wrote:

> On Thu, Mar 09, 2017 at 05:45:31PM +0000, KellerFuchs wrote:
> > On Wed, Mar 08, 2017 at 08:02:54AM +0100, Werner Koch wrote:
> > > That was a suggestion from the Berlin meeting.
> > >
> > > Given that even for SHA-1 no pre-image attack is known, we get quite
> > > some security margin by using 200 bits from SHA-256 over the 160 from
> > > SHA-1.
> > > [...]
> >
> > Thanks a bunch for the explanation, this makes sense.
>
> PS: I still don't get what's the advantage of SHA-256 there over Blake2,
>     given the current library support situation, security analysis and
>     performance.
>

I don't know anything about PGP library support, but my experience, at
least with SSL/TLS stacks, is that there is a lot more SHA-256 support than
support for {SHA-3, Blake2}
-Ekr




--001a114d88ea0ac142054a510491--


From nobody Thu Mar  9 14:01:24 2017
Return-Path: <joncallas@icloud.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0E9E129504 for <openpgp@ietfa.amsl.com>; Thu,  9 Mar 2017 14:01:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id no9N44V1z841 for <openpgp@ietfa.amsl.com>; Thu,  9 Mar 2017 14:01:14 -0800 (PST)
Received: from st13p27im-asmtp004.me.com (st13p27im-asmtp004.me.com [17.162.190.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0488F12946D for <openpgp@ietf.org>; Thu,  9 Mar 2017 14:01:14 -0800 (PST)
Received: from process-dkim-sign-daemon.st13p27im-asmtp004.me.com by st13p27im-asmtp004.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) id <0OMK00P00IEW0H00@st13p27im-asmtp004.me.com> for openpgp@ietf.org; Thu, 09 Mar 2017 22:01:13 +0000 (GMT)
Received: from icloud.com ([127.0.0.1]) by st13p27im-asmtp004.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) with ESMTPSA id <0OMK00ARWIHZKI00@st13p27im-asmtp004.me.com> for openpgp@ietf.org; Thu, 09 Mar 2017 22:01:12 +0000 (GMT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-03-09_18:,, signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 clxscore=1034 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1701120000 definitions=main-1703090160
Content-type: text/plain; charset=us-ascii
MIME-version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Jon Callas <joncallas@icloud.com>
In-reply-to: <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com>
Date: Thu, 09 Mar 2017 14:01:10 -0800
Content-transfer-encoding: quoted-printable
Message-id: <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com>
To: IETF OpenPGP <openpgp@ietf.org>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/2zFEOkuHBPYguYEo_bnV0UDD8VA>
Cc: Jon Callas <joncallas@icloud.com>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Mar 2017 22:01:15 -0000

At the risk of sending this into a rathole, a viable alternative would
be to use SHA512/t as a truncation function. It's got a well-defined way
to deal with the issues of naive truncations, and you don't have to
worry about defining how to truncate. If you want a 200 bit hash, you
can just get one.

	Jon


From nobody Fri Mar 10 02:12:57 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D96AC12987A for <openpgp@ietfa.amsl.com>; Fri, 10 Mar 2017 02:12:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9sIdbRxKlQWr for <openpgp@ietfa.amsl.com>; Fri, 10 Mar 2017 02:12:55 -0800 (PST)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D906129878 for <openpgp@ietf.org>; Fri, 10 Mar 2017 02:12:54 -0800 (PST)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1cmHXZ-0007xS-0y for <openpgp@ietf.org>; Fri, 10 Mar 2017 11:12:53 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1cmHTI-0006Pa-6q; Fri, 10 Mar 2017 11:08:28 +0100
From: Werner Koch <wk@gnupg.org>
To: Jon Callas <joncallas@icloud.com>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Jon Callas <joncallas@icloud.com>, IETF OpenPGP <openpgp@ietf.org>
Date: Fri, 10 Mar 2017 11:08:27 +0100
In-Reply-To: <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> (Jon Callas's message of "Thu, 09 Mar 2017 14:01:10 -0800")
Message-ID: <87varhculg.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=mindwar_Fedayeen_freedom_Merlin_dictionary_Freeh_ASDIC_MIT-LL_condor"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/MwasZV1P7dRK711ZQcVd3_6qrO4>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Mar 2017 10:12:57 -0000

--=mindwar_Fedayeen_freedom_Merlin_dictionary_Freeh_ASDIC_MIT-LL_condor
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu,  9 Mar 2017 23:01, joncallas@icloud.com said:
> At the risk of sending this into a rathole, a viable alternative would
> be to use SHA512/t as a truncation function. It's got a well-defined

We had a discussion here on the merits of SHA-256 over SHA-512 with the
two arguments I already mentioned:

  - SHA-256 is much faster on smaller 32 bit systems
  - SHA-256 is anyway required to verify existing signatures.

An advantage of SHA-512 is that this would benefit an X25519-only based
implementation because that requires SHA-512 anyway.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=mindwar_Fedayeen_freedom_Merlin_dictionary_Freeh_ASDIC_MIT-LL_condor--


From nobody Fri Mar 10 14:13:42 2017
Return-Path: <joncallas@icloud.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EC9C128E19 for <openpgp@ietfa.amsl.com>; Fri, 10 Mar 2017 14:13:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cj-hcSMnEI6w for <openpgp@ietfa.amsl.com>; Fri, 10 Mar 2017 14:13:38 -0800 (PST)
Received: from st13p27im-asmtp004.me.com (st13p27im-asmtp004.me.com [17.162.190.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C30A21293E8 for <openpgp@ietf.org>; Fri, 10 Mar 2017 14:13:38 -0800 (PST)
Received: from process-dkim-sign-daemon.st13p27im-asmtp004.me.com by st13p27im-asmtp004.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) id <0OMM00E00DH7R400@st13p27im-asmtp004.me.com> for openpgp@ietf.org; Fri, 10 Mar 2017 22:13:37 +0000 (GMT)
Received: from icloud.com ([127.0.0.1]) by st13p27im-asmtp004.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) with ESMTPSA id <0OMM012K0DQNB630@st13p27im-asmtp004.me.com>; Fri, 10 Mar 2017 22:13:37 +0000 (GMT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-03-10_15:,, signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 clxscore=1034 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1701120000 definitions=main-1703100172
Content-type: text/plain; charset=us-ascii
MIME-version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Jon Callas <joncallas@icloud.com>
In-reply-to: <87varhculg.fsf@wheatstone.g10code.de>
Date: Fri, 10 Mar 2017 14:13:35 -0800
Content-transfer-encoding: quoted-printable
Message-id: <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de>
To: Werner Koch <wk@gnupg.org>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/yYXPNgTsCt0dJBqqy2ahF9-MXLs>
Cc: IETF OpenPGP <openpgp@ietf.org>, Jon Callas <joncallas@icloud.com>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Mar 2017 22:13:41 -0000

> On Mar 10, 2017, at 2:08 AM, Werner Koch <wk@gnupg.org> wrote:
>
> On Thu,  9 Mar 2017 23:01, joncallas@icloud.com said:
>> At the risk of sending this into a rathole, a viable alternative would
>> be to use SHA512/t as a truncation function. It's got a well-defined
>
> We had a discussion here on the merits of SHA-256 over SHA-512 with the
> two arguments I already mentioned:
>
>  - SHA-256 is much faster on smaller 32 bit systems
>  - SHA-256 is anyway required to verify existing signatures.
>
> An advantage of SHA-512 is that this would benefit an X25519-only based
> implementation because that requires SHA-512 anyway.

This is a different suggestion, one about SHA512/t, which has an output
length of 't' bits. It's a cute little hack that NIST put on top of
SHA-512 to get a variable-output hash function.

I didn't bring in performance discussions because this is about
fingerprints where it doesn't matter so much one way or the other. But
since you did, you're right, that on a 32-bit system, SHA256 is faster.
But on a 64-bit system, SHA-512 is faster, often like 1.5x faster.

But anyway, the suggestion is because if you're going to generate a
200-bit fingerprint, using a variable output hash function solves the
problem of having to figure out how to truncate, as well as any issues
in truncation.

	Jon



From nobody Tue Mar 14 03:22:21 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C14B31293DC for <openpgp@ietfa.amsl.com>; Tue, 14 Mar 2017 03:22:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5GSjF3T1XMFy for <openpgp@ietfa.amsl.com>; Tue, 14 Mar 2017 03:22:18 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6B46127ABE for <openpgp@ietf.org>; Tue, 14 Mar 2017 03:22:18 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1cnjap-00023J-W5 for <openpgp@ietf.org>; Tue, 14 Mar 2017 11:22:16 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1cnjWh-0007V7-3p; Tue, 14 Mar 2017 11:17:59 +0100
From: Werner Koch <wk@gnupg.org>
To: Jon Callas <joncallas@icloud.com>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Jon Callas <joncallas@icloud.com>, IETF OpenPGP <openpgp@ietf.org>
Date: Tue, 14 Mar 2017 11:17:48 +0100
In-Reply-To: <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> (Jon Callas's message of "Fri, 10 Mar 2017 14:13:35 -0800")
Message-ID: <87mvco40xf.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Indigo_Clinton_Dick_Cheney_subversive_S_Box_ASO_Operation_Iraqi=Free"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/JQuSAqZnGGZvVMsKD-gHP3MOytg>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Mar 2017 10:22:20 -0000

--=Indigo_Clinton_Dick_Cheney_subversive_S_Box_ASO_Operation_Iraqi=Free
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Fri, 10 Mar 2017 23:13, joncallas@icloud.com said:

> This is a different suggestion, one about SHA512/t, which has an
> output length of 't' bits. It's a cute little hack that NIST put on
> top of SHA-512 to get a variable-output hash function.

Thanks for the pointer.  However this changes the semantics:

With SHA512/t we need to settle for a certain truncation because the
fingerprint depends on T.  The proposal defines a 32 byte fingerprint
and only uses truncated versions for the two signature subpackets and
the ECDH magic string.  Thus when a SHA-256 truncated to 200 bits shows
weaknesses, we only need to change the signature subpackets to use the
full 256 bits to address this weakness.  The fingerprint however will
not change and there won't be a need to create new keys.

You are right that computing a fingerprint should not be a performance
problem.  Thus we could also use SHA-512 as fingerprint algorithm and
truncate it to 200 bits.  I am actually slightly in favor of using
SHA-512 (but not SHA-512/t).

What do others think:

 - Use SHA-256 and truncated to 200 bits
 - Use SHA-512 and truncated to 200 bits
 - Anything else


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=Indigo_Clinton_Dick_Cheney_subversive_S_Box_ASO_Operation_Iraqi=Free--
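
Added example, not part of the thread and not code from GnuPG or any OpenPGP implementation: it illustrates the point in the message above that SHA-512/t "changes the semantics". SHA-512/t derives a separate initial value for every t (FIPS 180-4, section 5.3.6), so a SHA-512/200 output is not a prefix of any longer digest, whereas a plainly truncated SHA-256 or SHA-512 value is. The sketch goes beyond the thread by implementing SHA-512/t for any byte-aligned t; `SAMPLE_KEY` is constructed input and every function name is this example's own.

```python
import hashlib
import struct
from math import isqrt

MASK = (1 << 64) - 1

def _primes(n):
    """First n primes by trial division (n is at most 80 here)."""
    found, cand = [], 2
    while len(found) < n:
        if all(cand % p for p in found):
            found.append(cand)
        cand += 1
    return found

def _icbrt(n):
    """Largest integer r with r**3 <= n (binary search)."""
    lo, hi = 0, 1 << (n.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo

# FIPS 180-4 constants: first 64 fractional bits of the cube roots of the
# first 80 primes (round constants) and of the square roots of the first 8
# primes (the standard SHA-512 initial value).
K = [_icbrt(p << 192) & MASK for p in _primes(80)]
H512 = [isqrt(p << 128) & MASK for p in _primes(8)]

def _rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK

def _compress(state, block):
    w = list(struct.unpack(">16Q", block))
    for i in range(16, 80):
        s0 = _rotr(w[i - 15], 1) ^ _rotr(w[i - 15], 8) ^ (w[i - 15] >> 7)
        s1 = _rotr(w[i - 2], 19) ^ _rotr(w[i - 2], 61) ^ (w[i - 2] >> 6)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(80):
        t1 = (h + (_rotr(e, 14) ^ _rotr(e, 18) ^ _rotr(e, 41))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((_rotr(a, 28) ^ _rotr(a, 34) ^ _rotr(a, 39))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]

def sha512_core(iv, msg):
    """SHA-512 padding and compression chain from an 8-word IV; returns 64 bytes."""
    padded = msg + b"\x80" + b"\x00" * ((111 - len(msg)) % 128)
    padded += (8 * len(msg)).to_bytes(16, "big")
    state = list(iv)
    for off in range(0, len(padded), 128):
        state = _compress(state, padded[off:off + 128])
    return b"".join(s.to_bytes(8, "big") for s in state)

def sha512_t_iv(t):
    """IV generation function of FIPS 180-4 section 5.3.6: the IV depends on t."""
    if not 0 < t < 512 or t == 384:
        raise ValueError("t must satisfy 0 < t < 512 and t != 384")
    seed = [h ^ 0xA5A5A5A5A5A5A5A5 for h in H512]
    return list(struct.unpack(">8Q", sha512_core(seed, b"SHA-512/%d" % t)))

def sha512_t(msg, t):
    """SHA-512/t, restricted in this sketch to byte-aligned t."""
    if t % 8:
        raise ValueError("this sketch only handles t that is a multiple of 8")
    return sha512_core(sha512_t_iv(t), msg)[: t // 8]

def truncated(digest, bits):
    """Plain truncation: keep the leftmost bits of an already computed digest."""
    return digest[: bits // 8]

# Constructed placeholder input, not a real OpenPGP key packet.
SAMPLE_KEY = b"constructed sample public-key material for the fingerprint demo"

def prefix_report(data):
    """Which 200-bit identifiers can be checked against a longer value for the
    same data, i.e. survive a later move from 200 bits to the full length?"""
    sha256_full = hashlib.sha256(data).digest()
    sha512_full = hashlib.sha512(data).digest()
    t200 = sha512_t(data, 200)
    return {
        "sha256_trunc200_extends_to_sha256": sha256_full.startswith(truncated(sha256_full, 200)),
        "sha512_trunc200_extends_to_sha512": sha512_full.startswith(truncated(sha512_full, 200)),
        "sha512_t200_extends_to_sha512_t256": sha512_t(data, 256).startswith(t200),
        "sha512_t200_extends_to_sha512": sha512_full.startswith(t200),
    }

if __name__ == "__main__":
    for name, ok in prefix_report(SAMPLE_KEY).items():
        print(f"{name}: {ok}")
```
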


From nobody Thu Mar 16 04:33:05 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6508C1293DA for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 04:33:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wn1KKdBsCcwC for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 04:33:00 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B39241293E4 for <openpgp@ietf.org>; Thu, 16 Mar 2017 04:33:00 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1coTeM-0005cb-BO for <openpgp@ietf.org>; Thu, 16 Mar 2017 12:32:58 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1coTXL-00057m-M7 for <openpgp@ietf.org>; Thu, 16 Mar 2017 12:25:43 +0100
From: Werner Koch <wk@gnupg.org>
To: IETF OpenPGP <openpgp@ietf.org>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: IETF OpenPGP <openpgp@ietf.org>
Date: Thu, 16 Mar 2017 12:25:42 +0100
In-Reply-To: <87mvco40xf.fsf@wheatstone.g10code.de> (Werner Koch's message of "Tue, 14 Mar 2017 11:17:48 +0100")
Message-ID: <87mvclwjih.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=genetic_global_NORAD_red_noise_Exon_Shell_ammunition_UOP_espionage=n"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/CEk_ZjQ0RXnJocxVHvH5AADOIwI>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 11:33:04 -0000

--=genetic_global_NORAD_red_noise_Exon_Shell_ammunition_UOP_espionage=n
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 14 Mar 2017 11:17, wk@gnupg.org said:

> What do others think:
>
>  - Use SHA-256 and truncated to 200 bits
>  - Use SHA-512 and truncated to 200 bits
>  - Anything else

No opinions?


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=genetic_global_NORAD_red_noise_Exon_Shell_ammunition_UOP_espionage=n--


From nobody Thu Mar 16 04:51:35 2017
MIME-Version: 1.0
In-Reply-To: <87mvclwjih.fsf@wheatstone.g10code.de>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de>
From: Thijs van Dijk <schnabbel@inurbanus.nl>
Date: Thu, 16 Mar 2017 12:51:30 +0100
Message-ID: <CADGaDpGkMWy00OcZ-xoNg76bL2vL+Sg9WGAfhY+6uooGX+2xRg@mail.gmail.com>
To: IETF OpenPGP <openpgp@ietf.org>
Content-Type: multipart/alternative; boundary=001a1139ba668eba88054ad7ae91
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/UVNEedlv2t8hGfF3ektm6GQoCcg>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

--001a1139ba668eba88054ad7ae91
Content-Type: text/plain; charset=UTF-8

I'm in favour of truncating SHA-512 to 200 bits, though this is not a
strong preference.

-Thijs

(As a general principle, I like the idea of not exposing more than half of
a hash's internal state to the wild. A remnant of ye olden days where it
would've made length extension attacks that much more difficult.)

--
Thijs van Dijk

6A94 F9A2 DFE5 40E3 067E  C282 2AFE 9EFA 718B 6165

On 16 March 2017 at 12:25, Werner Koch <wk@gnupg.org> wrote:

> On Tue, 14 Mar 2017 11:17, wk@gnupg.org said:
>
> > What do others think:
> >
> >  - Use SHA-256 and truncated to 200 bits
> >  - Use SHA-512 and truncated to 200 bits
> >  - Anything else
>
> No opinions?
>
>
> Shalom-Salam,
>
>    Werner
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--001a1139ba668eba88054ad7ae91--


From nobody Thu Mar 16 06:34:26 2017
Date: Thu, 16 Mar 2017 09:34:14 -0400
From: Peter Todd <pete@petertodd.org>
To: IETF OpenPGP <openpgp@ietf.org>
Message-ID: <20170316133414.GA3503@fedora-23-dvm>
References: <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="pf9I7BMVVzbSWLtt"
Content-Disposition: inline
In-Reply-To: <87mvclwjih.fsf@wheatstone.g10code.de>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/OwbFkTgPVrDwodJYtiuH8IsIv8w>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

--pf9I7BMVVzbSWLtt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 16, 2017 at 12:25:42PM +0100, Werner Koch wrote:
> On Tue, 14 Mar 2017 11:17, wk@gnupg.org said:
>
> > What do others think:
> >
> >  - Use SHA-256 and truncated to 200 bits
> >  - Use SHA-512 and truncated to 200 bits
> >  - Anything else
>
> No opinions?

Have you considered making fingerprints a non-hexadecimal encoding, such as
base32? They could be the same size, but with more bits.

Bitcoin Core has done a lot of research lately in creating a good base32
encoding with UI features like single-digit error detection and correction.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

--pf9I7BMVVzbSWLtt--


From nobody Thu Mar 16 06:48:02 2017
From: Werner Koch <wk@gnupg.org>
To: Peter Todd <pete@petertodd.org>
Cc: IETF OpenPGP <openpgp@ietf.org>
References: <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de> <20170316133414.GA3503@fedora-23-dvm>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Peter Todd <pete@petertodd.org>, IETF OpenPGP <openpgp@ietf.org>
Date: Thu, 16 Mar 2017 14:43:48 +0100
In-Reply-To: <20170316133414.GA3503@fedora-23-dvm> (Peter Todd's message of "Thu, 16 Mar 2017 09:34:14 -0400")
Message-ID: <8737edwd4b.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Janet_Reno_S_Key_World_Trade_Center_Majic_Exon_Shell_security_.400=m"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/f8VbtAI2HyHc-Tdguujw1KiC-M4>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

--=Janet_Reno_S_Key_World_Trade_Center_Majic_Exon_Shell_security_.400=m
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 16 Mar 2017 14:34, pete@petertodd.org said:

> Have you considered making fingerprints a non-hexadecimal encoding, such as
> base32? They could be the same size, but with more bits.

The human readable fingerprint format is out of scope for the spec.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=Janet_Reno_S_Key_World_Trade_Center_Majic_Exon_Shell_security_.400=m--


From nobody Thu Mar 16 07:04:02 2017
Date: Thu, 16 Mar 2017 10:03:46 -0400
From: Peter Todd <pete@petertodd.org>
To: IETF OpenPGP <openpgp@ietf.org>
Message-ID: <20170316140346.GA3816@fedora-23-dvm>
References: <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de> <20170316133414.GA3503@fedora-23-dvm> <8737edwd4b.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="EeQfGwPcQSOJBaQU"
Content-Disposition: inline
In-Reply-To: <8737edwd4b.fsf@wheatstone.g10code.de>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/cL9ydPhsJc-oyzjksGQX43gm6z0>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

--EeQfGwPcQSOJBaQU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 16, 2017 at 02:43:48PM +0100, Werner Koch wrote:
> On Thu, 16 Mar 2017 14:34, pete@petertodd.org said:
>
> > Have you considered making fingerprints a non-hexadecimal encoding, such as
> > base32? They could be the same size, but with more bits.
>
> The human readable fingerprint format is out of scope for the spec.

Well, if that's the case, there's no reason to use less than a full 256 bits,
either SHA256 directly, or SHA512 truncated in the standard way.  How much of
that you truncate when displaying the fingerprint is a question for the human
readable spec, not the internal formatting spec.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

--EeQfGwPcQSOJBaQU--
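
Added example (not part of the thread, and not code from GnuPG or any list participant): the two truncation options put to the list, SHA-256 and SHA-512 each cut to 200 bits, rendered in hex and in base32 to check the "same size, but with more bits" remark against a 40-character V4 fingerprint. The input bytes are a constructed stand-in, because the thread does not show which octets the V5 fingerprint hashes, and every function name is this example's own.

```python
import base64
import hashlib

FP_BITS = 200        # truncation length proposed in the thread
V4_HEX_CHARS = 40    # a 160-bit V4 fingerprint printed in hex

# Constructed sample input. Assumption: it stands in for the serialized
# public key; the thread does not show which octets the V5 fingerprint hashes.
SAMPLE_KEY_MATERIAL = b"constructed sample public key material"


def truncated_digest(data, algo, bits=FP_BITS):
    """Return the leftmost `bits` bits of the named hashlib digest of `data`."""
    if bits <= 0 or bits % 8:
        raise ValueError("bits must be a positive multiple of 8")
    digest = hashlib.new(algo, data).digest()
    if bits > len(digest) * 8:
        raise ValueError(f"{algo} yields only {len(digest) * 8} bits")
    return digest[: bits // 8]


def render_hex(fp):
    """Hex rendering: 4 bits per character."""
    return fp.hex().upper()


def render_base32(fp):
    """RFC 4648 base32 without padding: 5 bits per character."""
    return base64.b32encode(fp).decode("ascii").rstrip("=")


def parse_base32(text):
    """Inverse of render_base32: drop grouping spaces, restore padding, decode."""
    compact = text.replace(" ", "").upper()
    return base64.b32decode(compact + "=" * (-len(compact) % 8))


def grouped(text, size=4):
    """Split a rendered fingerprint into space-separated groups for reading."""
    return " ".join(text[i:i + size] for i in range(0, len(text), size))


def candidates(data, bits=FP_BITS):
    """Compute both options from the thread and what each one costs to display."""
    out = {}
    for algo in ("sha256", "sha512"):
        fp = truncated_digest(data, algo, bits)
        out[algo] = {
            "octets": len(fp),
            "hex": render_hex(fp),
            "base32": render_base32(fp),
            # Share of the full digest that the truncated value reveals.
            "exposed_fraction": bits / (hashlib.new(algo).digest_size * 8),
        }
    return out


if __name__ == "__main__":
    for algo, row in candidates(SAMPLE_KEY_MATERIAL).items():
        print(f"{algo} truncated to {FP_BITS} bits ({row['octets']} octets), "
              f"{row['exposed_fraction']:.0%} of the digest exposed")
        print(f"  hex    ({len(row['hex'])} chars): {grouped(row['hex'])}")
        print(f"  base32 ({len(row['base32'])} chars): {grouped(row['base32'])}")
    print(f"V4 fingerprint in hex: {V4_HEX_CHARS} chars for 160 bits")
```
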


From nobody Thu Mar 16 08:04:18 2017
MIME-Version: 1.0
In-Reply-To: <20170316140346.GA3816@fedora-23-dvm>
References: <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de> <20170316133414.GA3503@fedora-23-dvm> <8737edwd4b.fsf@wheatstone.g10code.de> <20170316140346.GA3816@fedora-23-dvm>
From: Thijs van Dijk <schnabbel@inurbanus.nl>
Date: Thu, 16 Mar 2017 16:03:51 +0100
Message-ID: <CADGaDpE+73AsAbgc-AZBH58h0K6ei8mHLu=3dT0mSEb=W6KfEg@mail.gmail.com>
To: Peter Todd <pete@petertodd.org>
Cc: IETF OpenPGP <openpgp@ietf.org>
Content-Type: multipart/alternative; boundary=001a1139ba6678eba0054ada5ed0
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/CKRpa9E5zzOdSa-4MCM695Dzy2w>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

--001a1139ba6678eba0054ada5ed0
Content-Type: text/plain; charset=UTF-8

On 16 March 2017 at 15:03, Peter Todd <pete@petertodd.org> wrote:

> Well, if that's the case, there's no reason to use less than a full 256 bits,
> either SHA256 directly, or SHA512 truncated in the standard way.


Sure there is. From earlier in this thread:

On 8 March 2017 at 08:02, Werner Koch <wk@gnupg.org> wrote:

> Due to the use of the 'Issuer Fingerprint' the signatures grow in size by
> 22 octets which is substantial for ECC signatures.  With the full V5
> fingerprint this would increase to 25 octets (34 - 9 from the not used
> 'Issuer' subpacket).  By truncating the fingerprint we will only use 18
> octets which is even a saving compared to V4 keys.

--001a1139ba6678eba0054ada5ed0--


From nobody Thu Mar 16 08:25:47 2017
From: Derek Atkins <derek@ihtfp.com>
To: IETF OpenPGP <openpgp@ietf.org>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de>
Date: Thu, 16 Mar 2017 11:25:36 -0400
In-Reply-To: <87mvclwjih.fsf@wheatstone.g10code.de> (Werner Koch's message of "Thu, 16 Mar 2017 12:25:42 +0100")
Message-ID: <sjmr31xtf9r.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/k4202_yeCBsoExlnWCn5VwwCUR8>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

Werner Koch <wk@gnupg.org> writes:

> On Tue, 14 Mar 2017 11:17, wk@gnupg.org said:
>
>> What do others think:
>>
>>  - Use SHA-256 and truncated to 200 bits
>>  - Use SHA-512 and truncated to 200 bits
>>  - Anything else
>
> No opinions?

Considering these days I work with very small systems, I'm in favor of
SHA2-256 because in my environments it's much faster.  Even if SHA2-512
is faster on larger systems, the clock-wall time still gives SHA2-256
the advantage when you compare 256 vs 512 on a 16MHz 16-bit platform
versus a 32/64-bit 2GHz platform.

I.e., it doesn't bother me if SHA2-256 is a fraction of a millisecond
slower on a large system, but it's tens or hundreds of milliseconds
faster on the constrained device.

Thanks,

> Shalom-Salam,
>
>    Werner

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant


From nobody Thu Mar 16 10:35:28 2017
Return-Path: <pete@petertodd.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C99781296DA for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 10:35:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 458vo5cdWFK9 for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 10:35:24 -0700 (PDT)
Received: from outmail148095.authsmtp.com (outmail148095.authsmtp.com [62.13.148.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78D04126DFB for <openpgp@ietf.org>; Thu, 16 Mar 2017 10:35:24 -0700 (PDT)
Received: from mail-c232.authsmtp.com (mail-c232.authsmtp.com [62.13.128.232]) by punt22.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v2GHZMFI041471;  Thu, 16 Mar 2017 17:35:22 GMT
Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com [52.5.185.120]) (authenticated bits=0) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v2GHZK9Q089035 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 16 Mar 2017 17:35:21 GMT
Received: from [127.0.0.1] (localhost [127.0.0.1]) by petertodd.org (Postfix) with ESMTPSA id 6E17B400A9; Thu, 16 Mar 2017 17:35:19 +0000 (UTC)
Received: by localhost (Postfix, from userid 1000) id B4F9E26A4D; Thu, 16 Mar 2017 13:35:15 -0400 (EDT)
Date: Thu, 16 Mar 2017 13:35:15 -0400
From: Peter Todd <pete@petertodd.org>
To: Thijs van Dijk <schnabbel@inurbanus.nl>
Cc: IETF OpenPGP <openpgp@ietf.org>
Message-ID: <20170316173515.GA4889@fedora-23-dvm>
References: <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de> <20170316133414.GA3503@fedora-23-dvm> <8737edwd4b.fsf@wheatstone.g10code.de> <20170316140346.GA3816@fedora-23-dvm> <CADGaDpE+73AsAbgc-AZBH58h0K6ei8mHLu=3dT0mSEb=W6KfEg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="IS0zKkzwUGydFO0o"
Content-Disposition: inline
In-Reply-To: <CADGaDpE+73AsAbgc-AZBH58h0K6ei8mHLu=3dT0mSEb=W6KfEg@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Server-Quench: edef4a9c-0a6e-11e7-829f-00151795d556
X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdwQUFVQGAgsB AmEbWlNeU1h7W2I7 bghPaBtcak9QXgdq T0pMXVMcUgcfeXZ6 D38eWhBydAAIfn9z YQg3CiUNWBVzJlt9 E0gBCGwHMGB9YGIW Bl1YdwJRcQRDe0tA b1YxNiYHcQ5YJi8+ BwArCngPMC9EKSNT ClxFLl8DCU8NEnYy RhYNEC83B0wDW20r NRs+LUUVGC4A
X-Authentic-SMTP: 61633532353630.1037:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 52.5.185.120/25
X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system.
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/h-4RNmRWGgo_nau446GEkUKOVD0>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 17:35:27 -0000

--IS0zKkzwUGydFO0o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 16, 2017 at 04:03:51PM +0100, Thijs van Dijk wrote:
> On 16 March 2017 at 15:03, Peter Todd <pete@petertodd.org> wrote:
>
> > Well, if that's the case, there's no reason to use less than a full 256
> > bits,
> > either SHA256 directly, or SHA512 truncated in the standard way.
>
>
> Sure there is. From earlier in this thread:
>
> On 8 March 2017 at 08:02, Werner Koch <wk@gnupg.org> wrote:
>
> > Due to the use of the 'Issuer Fingerprint' the signatures grow in size by
> > 22 octets which is substantial for ECC signatures.  With the full V5
> > fingerprint this would increase to 25 octets (34 - 9 from the not used
> > 'Issuer' subpacket).  By truncating the fingerprint we will only use 18
> > octets which is even a saving compared to V4 keys.

Yes, I missed that message, sorry.

That said, I certainly don't find such small savings a good reason to use
"non-standard" crypto - in the grand scheme of things even on small devices
that's meaningless.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

--IS0zKkzwUGydFO0o
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature


--IS0zKkzwUGydFO0o--


From nobody Thu Mar 16 10:37:25 2017
Return-Path: <tony@att.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 537A91296CB for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 10:37:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pH9sqjmNz3Fa for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 10:37:22 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0a-00191d01.pphosted.com [67.231.149.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B593B1296C4 for <openpgp@ietf.org>; Thu, 16 Mar 2017 10:37:22 -0700 (PDT)
Received: from pps.filterd (m0048589.ppops.net [127.0.0.1]) by m0048589.ppops.net-00191d01. (8.16.0.17/8.16.0.17) with SMTP id v2GHPY45009413 for <openpgp@ietf.org>; Thu, 16 Mar 2017 13:25:58 -0400
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by m0048589.ppops.net-00191d01. with ESMTP id 297x5gj7cp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <openpgp@ietf.org>; Thu, 16 Mar 2017 13:25:58 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id v2GHPudT016331 for <openpgp@ietf.org>; Thu, 16 Mar 2017 13:25:57 -0400
Received: from mlpi407.sfdc.sbc.com (mlpi407.sfdc.sbc.com [130.9.128.239]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id v2GHPru1016221 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <openpgp@ietf.org>; Thu, 16 Mar 2017 13:25:55 -0400
Received: from MISOUT7MSGHUBAC.ITServices.sbc.com (MISOUT7MSGHUBAC.itservices.sbc.com [130.9.129.147]) by mlpi407.sfdc.sbc.com (RSA Interceptor) for <openpgp@ietf.org>; Thu, 16 Mar 2017 17:25:39 GMT
Received: from MISOUT7MSGUSRCG.ITServices.sbc.com ([169.254.7.103]) by MISOUT7MSGHUBAC.ITServices.sbc.com ([130.9.129.147]) with mapi id 14.03.0319.002; Thu, 16 Mar 2017 13:25:38 -0400
From: "HANSEN, TONY L" <tony@att.com>
To: IETF OpenPGP <openpgp@ietf.org>
Thread-Topic: [openpgp] Version 5 key and fingerprint proposal
Thread-Index: AQHSnkkXb0/y6aWZsUSrgivkw9uOkKGXlqiXgAAhbIA=
Date: Thu, 16 Mar 2017 17:25:38 +0000
Message-ID: <C44EAA51-9967-4E49-9FD8-2B678DD8E393@att.com>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de> <sjmr31xtf9r.fsf@securerf.ihtfp.org>
In-Reply-To: <sjmr31xtf9r.fsf@securerf.ihtfp.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [135.110.240.99]
Content-Type: text/plain; charset="utf-8"
Content-ID: <AC8845CABCC6554B9B58C53A21800D5D@LOCAL>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-03-16_13:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1702020001 definitions=main-1703160135
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/e84CUZCS6EqURdwzzxGm0ouztZQ>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 17:37:24 -0000

From nobody Thu Mar 16 12:53:09 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CF00129A4B for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 12:53:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4am6SVN6BpjI for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 12:53:00 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA7C5129A46 for <openpgp@ietf.org>; Thu, 16 Mar 2017 12:53:00 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1cobSE-0005tQ-Ql for <openpgp@ietf.org>; Thu, 16 Mar 2017 20:52:58 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1cobMP-0007x2-KE; Thu, 16 Mar 2017 20:46:57 +0100
From: Werner Koch <wk@gnupg.org>
To: "HANSEN\, TONY L" <tony@att.com>
Cc: IETF OpenPGP <openpgp@ietf.org>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de> <sjmr31xtf9r.fsf@securerf.ihtfp.org> <C44EAA51-9967-4E49-9FD8-2B678DD8E393@att.com>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "HANSEN\, TONY L" <tony@att.com>, IETF OpenPGP <openpgp@ietf.org>
Date: Thu, 16 Mar 2017 20:46:57 +0100
In-Reply-To: <C44EAA51-9967-4E49-9FD8-2B678DD8E393@att.com> (TONY L. HANSEN's message of "Thu, 16 Mar 2017 17:25:38 +0000")
Message-ID: <87wpbpt366.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=computer_terrorism_Verisign_Agfa_benelux_Vickie_Weaver_Lon_Horiuchi="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/JOdjdhGeltLKeZ0XsRTtvsioFY8>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 19:53:07 -0000

--=computer_terrorism_Verisign_Agfa_benelux_Vickie_Weaver_Lon_Horiuchi=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 16 Mar 2017 18:25, tony@att.com said:

> On another note, for Werner Koch: are you talking about truncating the
> value from sha2-512(x) down to 200 bits, or using the FIPS 180-4
> truncated sha2-512/t(x,t) algorithm? There is a definite difference

I am talking about simple truncation (leftmost 200 bits (25 octets)) of
SHA-256/512 similar to what Git does.  I explained the reason in my
reply to Jon's suggestion for SHA-512/t: This will make it easy to get
rid of the truncation iff need arises - without defining a new key
format.  That is the full fingerprint will be the same and searches for
the truncated or full fingerprint will still return the same key.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=computer_terrorism_Verisign_Agfa_benelux_Vickie_Weaver_Lon_Horiuchi=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCWMrrsQAKCRD/gK6dHew1
jQe/AQCNBsSv4hm85LNJZ/tET6GJ/x4exXQTv8hssBwSYrHpsgEA8D16sXoiNdF7
7KoomW4u+DmViO/JTzOXZfv9dyZRbAM=
=Ty+3
-----END PGP SIGNATURE-----
--=computer_terrorism_Verisign_Agfa_benelux_Vickie_Weaver_Lon_Horiuchi=--


From nobody Thu Mar 16 16:21:57 2017
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41DD1129B59 for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 16:21:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level: 
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fN8BERLmYSIV for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 16:21:53 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6385A129B63 for <openpgp@ietf.org>; Thu, 16 Mar 2017 16:21:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1489706512; x=1521242512; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=oSk3lqTiMxMuqeNzpCwmFc2yl9yW79rRcZVoxre0nIo=; b=IUhTEziNGPw8E4dNsm935DUqyOxoFLiHlWKBxxn7CipdZkqCkDl3VhFA //ZumoqhhrHhmYN6+no+zhXr8lmr2w5qw4Q4dq2DAxEj4IrFQ6+DVAjNj nloIFO3WIXDw8WYwe4DzC0NcNPLGh7q5VZDWxOImDU3KgV0T9cLaEbmFJ jueDyJovpp+sCcDTiUdv8DzT30PU1efXZ72Y07i84ln0PB9tlNxgJOGTL mPXGVEu+VMVw5Sr7WNdOyf7/mATzB7xnPcCaRPBwltous6vCBr1HYG+AQ Qai0/IOc+l4dLU+U1ScuDvVv72oHYlQvYm1x2mMRkHFyeM3DgWIK7Zer/ Q==;
X-IronPort-AV: E=Sophos;i="5.36,174,1486378800"; d="scan'208";a="143217793"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.2 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxcn13-ogg-a.UoA.auckland.ac.nz) ([10.6.2.2]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 17 Mar 2017 12:21:50 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-a.UoA.auckland.ac.nz (10.6.2.2) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Fri, 17 Mar 2017 12:21:50 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1178.000; Fri, 17 Mar 2017 12:21:50 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Derek Atkins <derek@ihtfp.com>, IETF OpenPGP <openpgp@ietf.org>
Thread-Topic: [openpgp] Version 5 key and fingerprint proposal
Thread-Index: AQHSl2uq/klpQ+/kqk2/8otpArG9AqGJJgaAgAGYhxCAATKSgIAAEWOAgAAGgoCAAC+IAIABpnAj///vXYCABlyVwoADOG3EgABA/v2AAITy5w==
Date: Thu, 16 Mar 2017 23:21:50 +0000
Message-ID: <1489706501673.17215@cs.auckland.ac.nz>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de>,<sjmr31xtf9r.fsf@securerf.ihtfp.org>
In-Reply-To: <sjmr31xtf9r.fsf@securerf.ihtfp.org>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/E7jDrZaA4xWLntYXcRqiD5MOhI4>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 23:21:55 -0000

Derek Atkins <derek@ihtfp.com> writes:

>I.e., it doesn't bother me if SHA2-256 is a fraction of a millisecond slower
>on a large system, but it's tens or hundreds of milliseconds faster on the
>constrained device.

+1.

Also, like AES' 256-bit option, I get the feeling that SHA-512 exists purely
for people who want their algorithms to go to 11.  It doesn't solve any
obvious problem that SHA-256 doesn't already address, while leading to serious
practical issues when you're required to attach e.g. a 64-byte MAC to 5 bytes
of SSL payload.

Peter.


From nobody Thu Mar 16 18:18:10 2017
Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01CEF129B9B for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 18:18:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TOW_J05YqzSr for <openpgp@ietfa.amsl.com>; Thu, 16 Mar 2017 18:18:07 -0700 (PDT)
Received: from castro.crustytoothpaste.net (castro.crustytoothpaste.net [75.10.60.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02EF3129BAD for <openpgp@ietf.org>; Thu, 16 Mar 2017 18:18:06 -0700 (PDT)
Received: from genre.crustytoothpaste.net (unknown [IPv6:2001:470:b978:101:254c:7dd1:74c7:cde0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by castro.crustytoothpaste.net (Postfix) with ESMTPSA id 2C88D280AD for <openpgp@ietf.org>; Fri, 17 Mar 2017 01:18:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=crustytoothpaste.net; s=default; t=1489713484; bh=kRneipObzlG9oCdt7P+5dFFaUO5v0OpGok7lFJnYrhE=; h=Date:From:To:Subject:References:In-Reply-To:From; b=T9+gGo+bsYgZF4EsmVmMyF8AAZxIgvmJGR0kLSCHFHBZsumwVJttuyW0tFgYHtVqo WSWKvvzTwN8DMsriTmUKCT5vsQEjC7Tz8TjWDuZuEa04JPxg4ZqNZMD8BBcdL1V5gC fCoRnTCtXtSookhfK/aLKsVdmKiCubLiCm95L2AvONur4PpWQvHF56VUH5eGbTdoSU w3R/Zw+OL2kdZ6tfsF+kXvEnAyNwxzbtecgdpnx+8hjPtK4i0VxRj/l3DwDfAP1aDf MJNKTVPfC1/CRsNYVZZbsSUcacFSkJRtlcWQE0MSRaCtrJQTgrN/Y8EfKsgHXJOUj4 0q1VSR2rpdqc2H1nM72PrwPshGgWMxtkuyM7rUr5aE0Z3K0JlLN7jeaaTyPweNo80u Eos2gXl0SebxqwpyKCa+Ii3vldzg+gZe0s1skveADluRGCWvJc9WauJI03AMkubs0C AdVOrEyJdwPRaTQtthMp26tR3ICp4g+d9f+flVkNgomSgyquBw7
Date: Fri, 17 Mar 2017 01:17:57 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: IETF OpenPGP <openpgp@ietf.org>
Message-ID: <20170317011757.ymdzyv2clmxsea6p@genre.crustytoothpaste.net>
References: <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qklae2b6zhcjv7m4"
Content-Disposition: inline
In-Reply-To: <87mvclwjih.fsf@wheatstone.g10code.de>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.9.0-2-amd64)
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/q42QAWpyBPiOPpfDCvzBAoJAnBg>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 01:18:09 -0000

--qklae2b6zhcjv7m4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 16, 2017 at 12:25:42PM +0100, Werner Koch wrote:
> On Tue, 14 Mar 2017 11:17, wk@gnupg.org said:
>
> > What do others think:
> >
> >  - Use SHA-256 and truncated to 200 bits
> >  - Use SHA-512 and truncated to 200 bits
> >  - Anything else

If you want a truncated format you can extend later, why not use
SHAKE128 or SHAKE256?  Then you don't have to implement a non-standard
truncation.  If we implement something like Curve448, we're probably
going to need SHAKE256 anyway.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

--qklae2b6zhcjv7m4
Content-Type: application/pgp-signature; name="signature.asc"


--qklae2b6zhcjv7m4--
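
The property argued over in the messages above (Werner Koch's leftmost-200-bit truncation, Tony Hansen's question about FIPS 180-4 SHA-512/t, and brian m. carlson's SHAKE suggestion), as an added example that is not part of any list message and not code from GnuPG or any other OpenPGP implementation. Assumptions: the key material is a constructed placeholder hashed directly (the real V5 fingerprint input framing is not given in this thread), KeyStore and all function names are hypothetical, and the SHA-512/t check runs only if the local OpenSSL build offers sha512_224 and sha512_256.

```python
import hashlib

FPR_TRUNC = 25   # octets = 200 bits, the truncated length proposed in the thread
FPR_FULL = 32    # octets = the full SHA-256 output

# Constructed placeholder key material (assumption). The real V5 fingerprint
# input framing is not given in this thread, so the raw bytes are hashed.
SAMPLE_KEYS = {
    "alice": b"constructed-public-key-material-alice",
    "bob": b"constructed-public-key-material-bob",
}


def full_fpr(key_material):
    """Full-length fingerprint: the untruncated SHA-256 digest."""
    return hashlib.sha256(key_material).digest()


def truncated_fpr(key_material):
    """Simple truncation: the leftmost 200 bits of the same digest."""
    return full_fpr(key_material)[:FPR_TRUNC]


class KeyStore:
    """Hypothetical key store indexed by the full fingerprint."""

    def __init__(self):
        self._by_fpr = {}

    def add(self, name, key_material):
        self._by_fpr[full_fpr(key_material)] = name

    def find(self, fpr):
        """Look a key up by a truncated or a full fingerprint."""
        if not FPR_TRUNC <= len(fpr) <= FPR_FULL:
            raise ValueError("fingerprint must be 25 to 32 octets")
        # Prefix match: works only because the short form is a prefix
        # of the long form.
        matches = [n for f, n in self._by_fpr.items() if f.startswith(fpr)]
        if len(matches) > 1:
            # Refuse to guess if two stored keys share the prefix.
            raise LookupError("ambiguous fingerprint prefix")
        return matches[0] if matches else None


def build_sample_store():
    store = KeyStore()
    for name, material in SAMPLE_KEYS.items():
        store.add(name, material)
    return store


def widening_keeps_prefix(data):
    """Per construction: is the short identifier a prefix of the wider one?

    True means a deployment can later switch to the wider identifier and
    old short identifiers still select the same key by prefix match.
    """
    results = {}

    # Simple truncation of SHA-256 / SHA-512: one digest, cut at two lengths.
    d = hashlib.sha256(data).digest()
    results["truncated SHA-256"] = d[:FPR_FULL].startswith(d[:FPR_TRUNC])
    d = hashlib.sha512(data).digest()
    results["truncated SHA-512"] = d[:FPR_FULL].startswith(d[:FPR_TRUNC])

    # SHAKE256 is an extendable-output function: asking for more output
    # extends the same stream, so the shorter output is a prefix.
    short = hashlib.shake_256(data).digest(FPR_TRUNC)
    wide = hashlib.shake_256(data).digest(FPR_FULL)
    results["SHAKE256"] = wide.startswith(short)

    # FIPS 180-4 SHA-512/t uses initial hash values that depend on t, so
    # outputs for different t are unrelated. hashlib has no t=200, so
    # t=224 versus t=256 stands in for the comparison.
    try:
        short = hashlib.new("sha512_224", data).digest()
        wide = hashlib.new("sha512_256", data).digest()
        results["SHA-512/t"] = wide.startswith(short)
    except ValueError:
        results["SHA-512/t"] = None  # not offered by this OpenSSL build
    return results


if __name__ == "__main__":
    store = build_sample_store()
    alice = SAMPLE_KEYS["alice"]
    print("by truncated fpr:", store.find(truncated_fpr(alice)))
    print("by full fpr:     ", store.find(full_fpr(alice)))
    for construction, ok in widening_keeps_prefix(alice).items():
        print(f"{construction:18} prefix-consistent: {ok}")
```
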


From nobody Fri Mar 17 01:43:04 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BD62126C22 for <openpgp@ietfa.amsl.com>; Fri, 17 Mar 2017 01:43:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dSsF4LtC1EYC for <openpgp@ietfa.amsl.com>; Fri, 17 Mar 2017 01:43:02 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51826126BF7 for <openpgp@ietf.org>; Fri, 17 Mar 2017 01:43:02 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1conTQ-0002mZ-1Z for <openpgp@ietf.org>; Fri, 17 Mar 2017 09:43:00 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1conNN-0005BM-DM; Fri, 17 Mar 2017 09:36:45 +0100
From: Werner Koch <wk@gnupg.org>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: IETF OpenPGP <openpgp@ietf.org>
References: <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de> <20170317011757.ymdzyv2clmxsea6p@genre.crustytoothpaste.net>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "brian m. carlson" <sandals@crustytoothpaste.net>, IETF OpenPGP <openpgp@ietf.org>
Date: Fri, 17 Mar 2017 09:36:44 +0100
In-Reply-To: <20170317011757.ymdzyv2clmxsea6p@genre.crustytoothpaste.net> (brian m. carlson's message of "Fri, 17 Mar 2017 01:17:57 +0000")
Message-ID: <871stwti3n.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=doctrine_passwd_IMF_Rubin_argus_radar_kibo_hackers_Albright_White=Wa"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/gL9wKVXHXFRDrtfH2GAjlncrYsg>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 08:43:04 -0000

--=doctrine_passwd_IMF_Rubin_argus_radar_kibo_hackers_Albright_White=Wa
Content-Type: text/plain

On Fri, 17 Mar 2017 02:17, sandals@crustytoothpaste.net said:

> If you want a truncated format you can extend later, why not use
> SHAKE128 or SHAKE256?  Then you don't have to implement a non-standard

SHAKE is not part of OpenPGP yet and I doubt that this will be a
mandatory algorithm in 4880bis.  SHA-256 is de-facto a mandatory
algorithm right now and available in all OpenPGP implementations.

We need to provide a smooth upgrade path for implementations and not
require them to throw new algorithms in.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=doctrine_passwd_IMF_Rubin_argus_radar_kibo_hackers_Albright_White=Wa
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCWMugHAAKCRD/gK6dHew1
jZDDAP4rwJCaga7GCgnCeUCqfZZsBrE5FXWhjrVh1iWTZhcsggEA+vvoPIlvLOEa
YRZc/e0mB97g95iTL9Zn9n4lyLOFfgI=
=5C+D
-----END PGP SIGNATURE-----
--=doctrine_passwd_IMF_Rubin_argus_radar_kibo_hackers_Albright_White=Wa--


From nobody Fri Mar 17 02:08:04 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 605E2126C3D for <openpgp@ietfa.amsl.com>; Fri, 17 Mar 2017 02:08:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWANBCGPZx-x for <openpgp@ietfa.amsl.com>; Fri, 17 Mar 2017 02:08:01 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33F62126C26 for <openpgp@ietf.org>; Fri, 17 Mar 2017 02:08:01 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1conrb-0003Ke-Mu for <openpgp@ietf.org>; Fri, 17 Mar 2017 10:07:59 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1conk3-0005UA-Vz for <openpgp@ietf.org>; Fri, 17 Mar 2017 10:00:12 +0100
From: Werner Koch <wk@gnupg.org>
To: openpgp@ietf.org
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: openpgp@ietf.org
Date: Fri, 17 Mar 2017 10:00:10 +0100
Message-ID: <87tw6ss2g5.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=quarter_satellite_imagery_Firefly_RSA_Aldergrove_ASDIC_Taiwan=unclas"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/kzcZrNC4miTkUpf2FiIOEzaST2o>
Subject: [openpgp] Deprecate legacy hash algorithms
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 09:08:02 -0000

--=quarter_satellite_imagery_Firefly_RSA_Aldergrove_ASDIC_Taiwan=unclas
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi,

Here is my suggestion on how to deprecate hash algorithms.  The new text
is:

  Implementations MUST implement SHA-256.  Implementations MAY implement
  other algorithms.  Implementations MUST NOT create messages which
  require the use of SHA-1 with the exception of computing version 4 key
  fingerprints and for purposes of the MDC packet.  Implementations MUST
  NOT use MD5 or RIPE-MD/160.

Rationale below.


Salam-Shalom,

   Werner

--8<---------------cut here---------------start------------->8---
From=20b03e6b2a2a41a724571c7aa3ad8ef134aec8f348 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 17 Mar 2017 09:54:18 +0100
Subject: [PATCH] Deprecate legacy hash algorithms

MD5 has been deprecated for a long time; using MUST NOT implement is
thus due.

SHA-1 is still required to verify existing signatures and can't be
deprecated.  However it is not anymore a mandatory algorithm with the
exception of MDC packets which we need to support at least read-only
for the foreseeable future.

Upgrading SHA-256 to a mandatory algorithm should be obvious.

Keeping SHA-512 optional benefits implementations on low end
platforms.
---
 middle.mkd | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/middle.mkd b/middle.mkd
index 874f107..25524b6 100644
=2D-- a/middle.mkd
+++ b/middle.mkd
@@ -3078,8 +3078,11 @@ ## {9.4} Hash Algorithms
        11  SHA224 [](#FIPS180)              "SHA224"
  100--110  Private/Experimental algorithm
=20
=2DImplementations MUST implement SHA-1.  Implementations MAY implement
=2Dother algorithms.  MD5 is deprecated.
+Implementations MUST implement SHA-256.  Implementations MAY implement
+other algorithms.  Implementations MUST NOT create messages which
+require the use of SHA-1 with the exception of computing version 4 key
+fingerprints and for purposes of the MDC packet.  Implementations MUST
+NOT use MD5 OR RIPE-MD/160.
=20
 # {10} IANA Considerations
=20
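Review bot: The last added sentence, "Implementations MUST NOT use MD5 OR RIPE-MD/160", bans every use, verification included, while the SHA-1 sentence just before it is scoped to "create messages". If the intent is to stop new MD5 and RIPE-MD/160 output while old data stays readable, word it as "MUST NOT create messages which require the use of MD5 or RIPE-MD/160" and say separately what a verifier does with such data. The upper-case "OR" reads like a requirement keyword and should be lower-case "or". The commit message explains the MD5 change but gives no rationale for adding RIPE-MD/160 to the ban or for keeping SHA-1 for version 4 key fingerprints; one sentence for each would help.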
--
2.8.1
--8<---------------cut here---------------end--------------->8---


--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=quarter_satellite_imagery_Firefly_RSA_Aldergrove_ASDIC_Taiwan=unclas
Content-Type: application/pgp-signature

--=quarter_satellite_imagery_Firefly_RSA_Aldergrove_ASDIC_Taiwan=unclas--


From nobody Fri Mar 17 08:05:37 2017
Return-Path: <hanno@hboeck.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEFE612947A for <openpgp@ietfa.amsl.com>; Fri, 17 Mar 2017 08:05:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id noA-zj751rRx for <openpgp@ietfa.amsl.com>; Fri, 17 Mar 2017 08:05:33 -0700 (PDT)
Received: from zucker.schokokeks.org (zucker.schokokeks.org [178.63.68.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4F01129450 for <openpgp@ietf.org>; Fri, 17 Mar 2017 08:05:33 -0700 (PDT)
Received: from pc1 ([2001:2012:127:3e00:b3bf:56a1:a140:6086]) (AUTH: LOGIN hanno-default@schokokeks.org, TLS: TLSv1/SSLv3, 256bits, ECDHE-RSA-AES256-GCM-SHA384) by zucker.schokokeks.org with ESMTPSA; Fri, 17 Mar 2017 16:05:33 +0100 id 0000000000000070.0000000058CBFB3D.000068EF
Date: Fri, 17 Mar 2017 16:05:30 +0100
From: Hanno =?UTF-8?B?QsO2Y2s=?= <hanno@hboeck.de>
To: openpgp@ietf.org
Message-ID: <20170317160530.45a9cbeb@pc1>
In-Reply-To: <87tw6ss2g5.fsf@wheatstone.g10code.de>
References: <87tw6ss2g5.fsf@wheatstone.g10code.de>
X-Mailer: Claws Mail 3.14.1 (GTK+ 2.24.31; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="=_zucker.schokokeks.org-26863-1489763133-0001-2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/cB036lOjyHvqFIMSDiPfIkKZ2xc>
Subject: Re: [openpgp] Deprecate legacy hash algorithms
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 15:05:36 -0000

This is a MIME-formatted message.  If you see this text it means that your
E-mail software does not support MIME-formatted messages.

--=_zucker.schokokeks.org-26863-1489763133-0001-2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Fri, 17 Mar 2017 10:00:10 +0100
Werner Koch <wk@gnupg.org> wrote:

>   Implementations MUST implement SHA-256.  Implementations MAY
> implement other algorithms.  Implementations MUST NOT create messages
> which require the use of SHA-1 with the exception of computing
> version 4 key fingerprints and for purposes of the MDC packet.
> Implementations MUST NOT use MD5 or RIPE-MD/160.

I'm wondering: Should there be a clearer distinction that this is for
creation of messages?

Because for verification I feel supporting bad algorithms is still
okay. Like if I want to verify a signature done with md5 it makes sense
that I'm able to do that. Ideally that would include a warning ("This
message was signed with a weak hash alg"), but not supporting it
doesn't seem right.

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

--=_zucker.schokokeks.org-26863-1489763133-0001-2
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
Content-Description: OpenPGP digital signature


--=_zucker.schokokeks.org-26863-1489763133-0001-2--


From nobody Fri Mar 17 11:05:25 2017
Return-Path: <joncallas@icloud.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E442612948B for <openpgp@ietfa.amsl.com>; Fri, 17 Mar 2017 11:05:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dF4pMkOwibDV for <openpgp@ietfa.amsl.com>; Fri, 17 Mar 2017 11:05:21 -0700 (PDT)
Received: from st13p27im-asmtp003.me.com (st13p27im-asmtp003.me.com [17.162.190.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC1D61294ED for <openpgp@ietf.org>; Fri, 17 Mar 2017 11:05:20 -0700 (PDT)
Received: from process-dkim-sign-daemon.st13p27im-asmtp003.me.com by st13p27im-asmtp003.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) id <0OMZ00N000VTYS00@st13p27im-asmtp003.me.com> for openpgp@ietf.org; Fri, 17 Mar 2017 18:05:20 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=4d515a;  t=1489773920; bh=wKb203J2g+jEsssnwUCaiorP1j0zM441mXY2B8Hk3SE=;  h=Content-type:MIME-version:Subject:From:Date:Message-id:To; b=FMg6BI6GFNX83IjjLJG1lPfXHLcu88eq1LDY81bMKvbuyZdVACEci6cRVh4G5+tiY PhX6bB4IP2Nms/CLSMFp00uqLpQUQQ7vfPJG/J8lglCu5ZxeUSZg5OnsvX7SYzJx04 6pAc/3owbkFZOxn5BukTFBSgrzPr5oK1gJrm8Y2lpHGPaWOkftj14FM00HAjRleE3T ekUzjzMYHoeNO3P2F1gtc5prmzfn8AsyfF05gajsOJ68hx3wMDMnj3by0aZa/vN3EG yXzNmXaUH2HAHSPeXA8+8st9VwRQD1qgs707OlLUdCRfOFBttJ6d7HEKgVY/p07u03 bpjHr2H5eryFA==
Received: from icloud.com ([127.0.0.1]) by st13p27im-asmtp003.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) with ESMTPSA id <0OMZ00BV60WTYH50@st13p27im-asmtp003.me.com> for openpgp@ietf.org; Fri, 17 Mar 2017 18:05:19 +0000 (GMT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-03-17_14:,, signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 clxscore=1034 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1701120000 definitions=main-1703170150
Content-type: text/plain; charset=us-ascii
MIME-version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Jon Callas <joncallas@icloud.com>
In-reply-to: <871stwti3n.fsf@wheatstone.g10code.de>
Date: Fri, 17 Mar 2017 11:05:17 -0700
Cc: Jon Callas <joncallas@icloud.com>
Content-transfer-encoding: quoted-printable
Message-id: <7554DEA8-3298-419F-879F-A29D7881A83B@icloud.com>
References: <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de> <20170317011757.ymdzyv2clmxsea6p@genre.crustytoothpaste.net> <871stwti3n.fsf@wheatstone.g10code.de>
To: IETF OpenPGP <openpgp@ietf.org>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/3BR8DnJUOsmvnnS1jDnTnNqlY6U>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 18:05:23 -0000

My preference is to use SHA-512. My rationale is:

* Fingerprints of keys don't have to be computed continuously. They can
be computed once and the result cached for a reasonably long period of
time. For every argument about speed on small machines, there's an equal
and opposite counter-argument about speed on large machines. I've pulled
my hands back several times from saying more. I won't unless provoked. I
think the better argument is that speed of computing a fingerprint
doesn't matter.

* If we use SHA-512, we extend the length of time before we have to have
this argument again.

	Jon


From nobody Fri Mar 17 11:10:06 2017
Return-Path: <joncallas@icloud.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A5F412940A for <openpgp@ietfa.amsl.com>; Fri, 17 Mar 2017 11:10:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mrp_YlyP3Xq5 for <openpgp@ietfa.amsl.com>; Fri, 17 Mar 2017 11:10:03 -0700 (PDT)
Received: from st13p27im-asmtp003.me.com (st13p27im-asmtp003.me.com [17.162.190.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDE1912894E for <openpgp@ietf.org>; Fri, 17 Mar 2017 11:10:02 -0700 (PDT)
Received: from process-dkim-sign-daemon.st13p27im-asmtp003.me.com by st13p27im-asmtp003.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) id <0OMZ00N000VTYS00@st13p27im-asmtp003.me.com> for openpgp@ietf.org; Fri, 17 Mar 2017 18:10:02 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=4d515a;  t=1489774202; bh=yyVvIrhjP9KFGA6kavHcIeG8LFALe62/qk6HcnepqII=;  h=Content-type:MIME-version:Subject:From:Date:Message-id:To; b=CJWdY+DNGIUMERmHkVFaP1CJtgh30ZnX5hc7p5WZ3lZzSBj0j2n9fyaoN4KKgKVm5 AqAKAHwbzAQqX3s0Bl3vVILgVyaEth1xbsrVYqOO8bD86KP+ThmWdxw1/UzqKRf8lJ m2ssGHUm7NNABTuiSsDW5oaBV0Ls3f5UdYrmI9MX/I241M/OHgj3VfG14D6U2MOOCn AGrW8nhQfbZ98+ZBisLj8EULpFYIB1IlqzqqWceYEee+4PX0TtOdyDzeSXp/vuaQDl qAD4I60yJPWn8wrf11VydtsoCBlYPMz6pIYLIqbgGLHB3paFEmUJVkKTAwFCExqe+U qKsslC2mWjMyw==
Received: from icloud.com ([127.0.0.1]) by st13p27im-asmtp003.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) with ESMTPSA id <0OMZ01B6M14M7O40@st13p27im-asmtp003.me.com>; Fri, 17 Mar 2017 18:10:00 +0000 (GMT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-03-17_14:,, signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 clxscore=1034 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1701120000 definitions=main-1703170151
Content-type: text/plain; charset=us-ascii
MIME-version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Jon Callas <joncallas@icloud.com>
In-reply-to: <87tw6ss2g5.fsf@wheatstone.g10code.de>
Date: Fri, 17 Mar 2017 11:09:57 -0700
Cc: Jon Callas <joncallas@icloud.com>, openpgp@ietf.org
Content-transfer-encoding: quoted-printable
Message-id: <4F39357D-8D8A-40BB-BFC8-B99ED0A4D801@icloud.com>
References: <87tw6ss2g5.fsf@wheatstone.g10code.de>
To: Werner Koch <wk@gnupg.org>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/bh_E5YAkwyyBRZ0OLkCyW0yDLTI>
Subject: Re: [openpgp] Deprecate legacy hash algorithms
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 18:10:05 -0000

> On Mar 17, 2017, at 2:00 AM, Werner Koch <wk@gnupg.org> wrote:
>
> Hi,
>
> Here is my suggestion on how to deprecate hash algorithms.  The new text
> is:
>
>  Implementations MUST implement SHA-256.  Implementations MAY implement
>  other algorithms.  Implementations MUST NOT create messages which
>  require the use of SHA-1 with the exception of computing version 4 key
>  fingerprints and for purposes of the MDC packet.  Implementations MUST
>  NOT use MD5 or RIPE-MD/160.

My only comment is that if you're going to "deprecate" as opposed to
"ban" then the term needs to be SHOULD NOT rather than MUST NOT. MUST
NOT is a ban, not deprecation.

I prefer deprecation (SHOULD NOT) over banning (MUST NOT) because a ban
leads either to people being silly about a lack of backwards
compatibility or they just defiantly ignore the ban.

	Jon
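
The three readings of the hash-algorithm text argued over in this thread (the wording as proposed, a ban scoped to creation with a warning on verification, and SHOULD NOT in place of MUST NOT), as an added Python example that is not part of any message here or of any OpenPGP implementation. The `Policy` type, the verdict names and the sample operations are constructed for illustration, and mapping SHOULD NOT to a warning is an assumption.

```python
from dataclasses import dataclass
from enum import Enum

# Hash algorithm IDs from section 9.4 of RFC 4880 (ID 11, SHA224, is the
# table row visible in the patch context).
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
MD5, SHA1, RIPEMD160, SHA256 = 1, 2, 3, 8
BANNED = {MD5, RIPEMD160}
# The two uses of SHA-1 the proposed text still permits when creating data.
SHA1_EXCEPTIONS = {"v4-fingerprint", "mdc"}


class Verdict(Enum):
    ALLOW = "allow"
    WARN = "warn"
    REJECT = "reject"


@dataclass(frozen=True)
class Policy:
    """Hypothetical policy record; both fields are assumptions of this example."""
    name: str
    legacy_create: Verdict  # create with MD5/RIPE-MD/160, or SHA-1 outside the exceptions
    legacy_verify: Verdict  # verify data that was hashed with MD5/RIPE-MD/160


# Reading 1: the proposed wording taken literally ("MUST NOT use").
AS_PROPOSED = Policy("MUST NOT use", Verdict.REJECT, Verdict.REJECT)
# Reading 2: ban creation only, still verify but warn about the weak hash.
CREATE_ONLY = Policy("MUST NOT create, warn on verify", Verdict.REJECT, Verdict.WARN)
# Reading 3: deprecation instead of a ban (SHOULD NOT modelled as a warning).
DEPRECATED = Policy("SHOULD NOT", Verdict.WARN, Verdict.WARN)


def evaluate(policy, operation, hash_id, purpose="signature"):
    """Return the Verdict for one hash use under the given policy."""
    if operation not in ("create", "verify"):
        raise ValueError("operation must be 'create' or 'verify'")
    if hash_id not in HASH_NAMES:
        # Unknown or unimplemented algorithm: nothing can be checked.
        return Verdict.REJECT
    if hash_id in BANNED:
        return policy.legacy_create if operation == "create" else policy.legacy_verify
    if hash_id == SHA1 and operation == "create":
        # Only v4 fingerprints and the MDC packet may still be produced with SHA-1.
        return Verdict.ALLOW if purpose in SHA1_EXCEPTIONS else policy.legacy_create
    # SHA-1 verification stays possible (needed for existing signatures),
    # and SHA-2 family algorithms are unrestricted.
    return Verdict.ALLOW


def conforms(supported_ids):
    """SHA-256 is the only mandatory algorithm under the proposed text."""
    return SHA256 in supported_ids


# Constructed sample operations: (operation, hash algorithm ID, purpose).
SAMPLE_OPS = [
    ("create", 8, "signature"),
    ("create", 2, "signature"),
    ("create", 2, "v4-fingerprint"),
    ("create", 2, "mdc"),
    ("verify", 2, "signature"),
    ("verify", 1, "signature"),
    ("create", 3, "signature"),
    ("verify", 42, "signature"),
]


def audit(policy, ops=SAMPLE_OPS):
    """Evaluate every sample operation and return printable rows."""
    return [(op, HASH_NAMES.get(h, "unknown(%d)" % h), purpose,
             evaluate(policy, op, h, purpose).value)
            for op, h, purpose in ops]


if __name__ == "__main__":
    for policy in (AS_PROPOSED, CREATE_ONLY, DEPRECATED):
        print(policy.name)
        for row in audit(policy):
            print("  %-6s %-11s %-15s %s" % row)
```

The readings differ only in the MD5 and RIPE-MD/160 rows and in SHA-1 creation outside the two exceptions; every other row is identical across them.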



From ryru@addere.ch  Mon Mar 20 15:11:09 2017
Return-Path: <ryru@addere.ch>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 678F0129404 for <openpgp@ietfa.amsl.com>; Mon, 20 Mar 2017 15:11:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3d9cT-Gaxx4A for <openpgp@ietfa.amsl.com>; Mon, 20 Mar 2017 15:11:06 -0700 (PDT)
Received: from dohle.xiala.net (dohle.xiala.net [77.109.148.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 084DA1294A5 for <openpgp@ietf.org>; Mon, 20 Mar 2017 15:11:06 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by dohle.xiala.net (Postfix) with ESMTP id 32EA5121175 for <openpgp@ietf.org>; Mon, 20 Mar 2017 23:11:03 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at dohle.xiala.net
Received: from dohle.xiala.net ([127.0.0.1]) by localhost (dohle.xiala.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GELWQtw7D8e7 for <openpgp@ietf.org>; Mon, 20 Mar 2017 23:11:02 +0100 (CET)
Received: from [192.168.0.17] (unknown [31.10.147.249]) by dohle.xiala.net (Postfix) with ESMTPSA id A47F4121115 for <openpgp@ietf.org>; Mon, 20 Mar 2017 23:11:00 +0100 (CET)
To: openpgp@ietf.org
From: Ryru <ryru@addere.ch>
X-Enigmail-Draft-Status: N1110
Message-ID: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch>
Date: Mon, 20 Mar 2017 23:11:00 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/miwvVQT5Q7DtX646--QQOoGzeYM>
Subject: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Mar 2017 22:13:11 -0000

Hi list,

For RFC4880bis[0] in section 14.2. {13.2.} it's planned to stick with
TripleDES as least common denominator preference for a symmetric
algorithm. I suggest to switch to AES128, AES192 or even AES256 as least
common denominator preference.

These are my thoughts:
  * AES is a good and more modern alternative to TripleDES
  * AES has wide HW support (better performance)
  * This RFC shall last for a couple of years, a reasonable algorithm
and key length should be defined

I'm aware of Werner Koch's suggestion to deprecate legacy hash
algorithms[1]. The current RFC4880bis[0], section 14.3.2 {13.3.2},
still mentions SHA1 as a MUST-implementation as well as a default
hashing preference. I suggest to deprecate SHA1 and remove it as a
default preference and switch to SHA256 or even SHA512.

These are my thoughts:
  * SHA1 is broken
  * This RFC shall last for a couple of years, a reasonable algorithm
should be defined

I also broached this topic at the GnuPG mailing list[2].

Best regards,
Pascal

[0] https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-01
[1] https://www.ietf.org/mail-archive/web/openpgp/current/msg08807.html
[2] https://lists.gnupg.org/pipermail/gnupg-users/2017-March/057882.html


From nobody Mon Mar 20 16:13:43 2017
Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C7AB126D85 for <openpgp@ietfa.amsl.com>; Mon, 20 Mar 2017 16:13:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.447
X-Spam-Level: 
X-Spam-Status: No, score=-0.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_06_12=1.543, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3xDOlNSp50Pj for <openpgp@ietfa.amsl.com>; Mon, 20 Mar 2017 16:13:39 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7406B127077 for <openpgp@ietf.org>; Mon, 20 Mar 2017 16:13:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 9AAC3E2039; Mon, 20 Mar 2017 19:13:37 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 24812-01; Mon, 20 Mar 2017 19:13:35 -0400 (EDT)
Received: from securerf.ihtfp.org (50-250-227-93-static.hfc.comcastbusiness.net [50.250.227.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id EB65CE2043; Mon, 20 Mar 2017 19:13:34 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1490051615; bh=X8+k4AHcP3TJ9SC19t91jtE3wm/tWW5YimV4ru4ASN4=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=ZrvrQC1D6JUdCo66swnHpMU1OkK90kGIrzgwVZ4kQDDrhFDYosSS2VFHjrUxb6ULs 9HccoTQ25OUFqNpouqKRCDn8n2lLfyWpzwHIKErqHHc7pYhVUDEIbEDQs6n4P+ifvf 1jiPlfbqs1s13c4/ZlmuN7H4XgeUfkcOATLDBdtk=
Received: (from warlord@localhost) by securerf.ihtfp.org (8.15.2/8.14.8/Submit) id v2KFYf3h020250; Mon, 20 Mar 2017 11:34:41 -0400
From: Derek Atkins <derek@ihtfp.com>
To: "HANSEN\, TONY L" <tony@att.com>
Cc: IETF OpenPGP <openpgp@ietf.org>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170307230605.GA2@hashbang.sh> <87efy8ntcx.fsf@wheatstone.g10code.de> <20170309174531.GB2@hashbang.sh> <20170309184745.GC2@hashbang.sh> <CABcZeBMhpXy-e9Mtp8LwfqfAVW_ks3JBw1H2N3H_0c4gpQBqpg@mail.gmail.com> <DAC23A62-14BF-4AAA-8E52-09029B279E8F@icloud.com> <87varhculg.fsf@wheatstone.g10code.de> <2BC88897-B957-4E4E-B109-DFF4EFA14B4D@icloud.com> <87mvco40xf.fsf@wheatstone.g10code.de> <87mvclwjih.fsf@wheatstone.g10code.de> <sjmr31xtf9r.fsf@securerf.ihtfp.org> <C44EAA51-9967-4E49-9FD8-2B678DD8E393@att.com>
Date: Mon, 20 Mar 2017 11:34:41 -0400
In-Reply-To: <C44EAA51-9967-4E49-9FD8-2B678DD8E393@att.com> (TONY L. HANSEN's message of "Thu, 16 Mar 2017 17:25:38 +0000")
Message-ID: <sjmy3w0rmge.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/wINv43kNzx5D2s2gG4trneDeoJQ>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Mar 2017 23:13:41 -0000

Tony,

"HANSEN, TONY L" <tony@att.com> writes:

> (This is probably old info for some of you.)
>
> From my analysis, the difference in speed between sha2-256 and
> sha2-512 is directly because of the use of 32-bit arithmetic vs 64-bit
> arithmetic. The algorithms are essentially identical, not counting the
> underlying constants. On machines where 64-bit arithmetic is faster
> than 32-bit arithmetic, sha2-512 will be faster than sha2-256. On
> machines where 32-bit arithmetic is faster than 64-bit arithmetic,
> sha2-256 will be faster than sha2-512.

That's nice.

I'm working on systems which are 16-bit or even 8-bit wide, with clock
speeds in the single or low-double-digit MegaHertz.  Yes, I'm running
(parts of) OpenPGP in these environments.  This is why I'm arguing for
SHA-256.  Because sure, if you're running at 2.4GHz and you need to take
an extra million cycles you'll never notice, but if you're running at
16MHz ... OUCH.

>   On 8-bit or 16-bit machines,
> you’re going to be emulating either 32-bit arithmetic or emulating
> 64-bit arithmetic; usually the 32-bit arithmetic will be faster.  :-)

Exactly.   So what's the actual wall-clock difference of 256 vs 512 on
an Intel 64 running at 2.2GHz?  Well, just for kicks I decided to run an
openssl speed test on my laptop (Intel(R) Core(TM) i7-4800MQ CPU @
2.70GHz) and this is what I get:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha256           79196.40k   177603.09k   319138.68k   406628.35k   438559.68k
sha512           51763.29k   206704.67k   366123.95k   555307.69k   647932.40k

As you can see, sha256 is faster on small inputs, but by 64 bytes of
input sha512 gets to be a tad faster.  For what we're talking about here
we're probably between the 64 and 256 byte marks, where they look pretty
equal on this nice, cushy 2.7GHz 64-bit i7 CPU (177-319 vs 206-366
MB/sec, or kB/ms).  So basically, assuming 100B of data to be hashed,
we're talking about 349-403us a 15% speed difference (only 54us
difference). I don't think anyone would notice an extra 54us.

Alas, I don't have an MSP430 at my fingertips to run a similar test, but
I suspect the difference is significantly more.  For one thing the clock
speed is only around 16-24MHz, not 2.7GHz.  To make the math easy, let's
call it 27MHz.  So all else being equal (which it isn't, being a 16-bit
platform and not a 64-bit platform), accounting *JUST* for the clock
speed we're talking a 100x speed difference, or 5.4ms.

But of course all else ISN'T the same, so we probably are talking a good
20-50ms speed difference, which *IS* noticeable.  I'll see if I can get
some actual numbers on the MSP430, but I'm traveling the next couple
days and don't have my dev board with me so it might not happen quickly.
But even if we agree that the difference is only 25ms, I'd rather save
that 25ms on the MSP430 at the expense of 54us extra on a 3-year-old
Intel laptop.

Sure, if everyone is running Intel 64 I wouldn't question the choice.
If the difference between was under a millisecond I wouldn't care.  But
that's not the world I'm living in, but it's the world I'd like to
deploy (parts) of OpenPGP.  I'd love to have a 32-bit system running in
the GHz at my disposal.

-derek
--
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant


From nobody Mon Mar 20 16:15:04 2017
Return-Path: <mdb@juniper.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC909126D85 for <openpgp@ietfa.amsl.com>; Mon, 20 Mar 2017 16:15:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.922
X-Spam-Level: 
X-Spam-Status: No, score=-1.922 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A1LKXoOW7QFm for <openpgp@ietfa.amsl.com>; Mon, 20 Mar 2017 16:15:00 -0700 (PDT)
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0137.outbound.protection.outlook.com [104.47.41.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67F37129401 for <openpgp@ietf.org>; Mon, 20 Mar 2017 16:14:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=waffaBmbx131CvD9/LTx8Cbuo/QcHnL2fcQTMzlqgVE=; b=A279e2Ci7Py5F1JjIR+UdaIum3ohf5EC6UmjkZteigwJqp0OpGRWHHZmFgW7iQcZOkPMxY0dd0f3N+QViJqxeJ7MChfUcSPj44Zfb1POaHiknmeC/ODUWcN7bGMT8WGqL8M3KeYHGPOmbGXj0hBcnfqV+fEU04o1ZPBZXwSwoRk=
Received: from DM5PR05CA0020.namprd05.prod.outlook.com (10.173.226.30) by SN1PR0501MB1757.namprd05.prod.outlook.com (10.163.130.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4; Mon, 20 Mar 2017 23:14:58 +0000
Received: from BN1BFFO11FD019.protection.gbl (2a01:111:f400:7c10::1:159) by DM5PR05CA0020.outlook.office365.com (2603:10b6:3:d4::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4 via Frontend Transport; Mon, 20 Mar 2017 23:14:58 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.18) smtp.mailfrom=juniper.net; addere.ch; dkim=none (message not signed) header.d=none;addere.ch; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.18) by BN1BFFO11FD019.mail.protection.outlook.com (10.58.144.82) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.977.7 via Frontend Transport; Mon, 20 Mar 2017 23:14:57 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Mon, 20 Mar 2017 16:14:56 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v2KNEthS024089; Mon, 20 Mar 2017 16:14:56 -0700	(envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1])	by eng-mail01.juniper.net (Postfix) with ESMTP id 760E31148B;	Mon, 20 Mar 2017 16:14:54 -0700 (PDT)
To: Ryru <ryru@addere.ch>
CC: <openpgp@ietf.org>
In-Reply-To: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> 
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch>
Comments: In-reply-to: Ryru <ryru@addere.ch> message dated "Mon, 20 Mar 2017 23:11:00 +0100."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Mon, 20 Mar 2017 16:14:54 -0700
Message-ID: <52027.1490051694@eng-mail01.juniper.net>
Sender: <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Mar 2017 23:14:57.9284 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18];  Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR0501MB1757
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/jKZ-a7KwPWHaNLlX24rWSCQjUKE>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Mar 2017 23:15:03 -0000

As an editorial remark, it would be nice if rfc4880bis were to use
a consistent representation for the secure hash algorithm families.
SHA1 is sometimes written as SHA1 and sometimes written as SHA-1.

I will also note that "SHA224" "SHA256" "SHA384" "SHA512" "SHA-224"
"SHA-256" "SHA-384" and "SHA-512" might want to be more completely
specified as members of the SHA-2 family [FIPS180] by using the tag
"SHA2-224" "SHA2-256" "SHA2-384" and "SHA2-512" as the algorithm name in
section 9.5 as compared with members of the SHA-3 [FIPS202] family of
algorithms: SHA3-224, SHA3-256, SHA3-384, SHA3-512 (noting that the
SHA-3 family are NOT YET a part of rfc4880bis).

https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-01

Suggested update to section 9.3:
----------%<----------%<----------%<----------%<----------%<----------
9.3.  {9.2} Symmetric-Key Algorithms

       +-----------+-----------------------------------------------+
       |        ID | Algorithm                                     |
       +-----------+-----------------------------------------------+
       |         0 | Plaintext or unencrypted data                 |
       |         1 | IDEA [IDEA]                                   |
       |         2 | TripleDES (DES-EDE, [SCHNEIER] [HAC]          |
       |           | - 168 bit key derived from 192)               |
       |         3 | CAST5 (128 bit key, as per [RFC2144])         |
       |         4 | Blowfish (128 bit key, 16 rounds) [BLOWFISH]  |
       |         5 | Reserved                                      |
       |         6 | Reserved                                      |
       |         7 | AES with 128-bit key [AES]                    |
       |         8 | AES with 192-bit key                          |
       |         9 | AES with 256-bit key                          |
       |        10 | Twofish with 256-bit key [TWOFISH]            |
       |        11 | Camellia with 128-bit key [RFC3713]           |
       |        12 | Camellia with 192-bit key                     |
       |        13 | Camellia with 256-bit key                     |
       |  100--110 | Private/Experimental algorithm                |
       +-----------+-----------------------------------------------+

   Implementations SHOULD implement TripleDES.  Implementations MUST
   implement AES-128.  Implementations MAY implement CAST5.
   Implementations that interoperate with PGP 2.6 or earlier need to
   support IDEA, as that is the only symmetric cipher those versions
   use. Implementations MAY implement any other algorithm.

----------%<----------%<----------%<----------%<----------%<----------

and suggested update to section 9.5:

----------%<----------%<----------%<----------%<----------%<----------
9.5.  {9.4} Hash Algorithms

      +-----------+---------------------------------+--------------+
      |        ID | Algorithm                       | Text Name    |
      +-----------+---------------------------------+--------------+
      |         1 | MD5 [HAC]                       | "MD5"        |
      |         2 | SHA-1 [FIPS180]                 | "SHA1"       |
      |         3 | RIPE-MD/160 [HAC]               | "RIPEMD160"  |
      |         4 | Reserved                        |              |
      |         5 | Reserved                        |              |
      |         6 | Reserved                        |              |
      |         7 | Reserved                        |              |
      |         8 | SHA2-256 [FIPS180]              | "SHA256"     |
      |         9 | SHA2-384 [FIPS180]              | "SHA384"     |
      |        10 | SHA2-512 [FIPS180]              | "SHA512"     |
      |        11 | SHA2-224 [FIPS180]              | "SHA224"     |
      |  100--110 | Private/Experimental algorithm  |              |
      +-----------+---------------------------------+--------------+

   Implementations SHOULD implement SHA-1.  Implementations MUST
   implement SHA256. Implementations MAY implement other algorithms.
   MD5 and RIPE-MD/160 are deprecated.

----------%<----------%<----------%<----------%<----------%<----------


Plus changes to 14.3.2:
----------%<----------%<----------%<----------%<----------%<----------
14.3.2.  {13.3.2} Hash Algorithm Preferences

   Typically, the choice of a hash algorithm is something the signer
   does, rather than the verifier, because a signer rarely knows who is
   going to be verifying the signature.  This preference, though, allows
   a protocol based upon digital signatures ease in negotiation.

   Thus, if Alice is authenticating herself to Bob with a signature, it
   makes sense for her to use a hash algorithm that Bob's software uses.
   This preference allows Bob to state in his key which algorithms Alice
   may use.

   Since SHA256 is the MUST-implement hash algorithm, if it is not
   explicitly in the list, it is tacitly at the end.  However, it is
   good form to place it there explicitly.

----------%<----------%<----------%<----------%<----------%<----------

	-- Mark
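
An added example, not part of the message above or of rfc4880bis: one way a signer could apply the 14.3.2 rule that the MUST-implement hash is tacitly at the end of the recipient's list, using the IDs from the suggested 9.5 table. It assumes the preference subpacket body is an array of one-octet algorithm IDs (as in RFC 4880) and, as a local policy choice, skips the algorithms the suggested text marks deprecated; the function names and sample lists are constructed for illustration.

```python
"""Pick a signature hash from a recipient's Preferred Hash Algorithms list."""
from __future__ import annotations

# IDs and text names from the suggested section 9.5 table.
HASH_NAMES = {
    1: "MD5", 2: "SHA1", 3: "RIPEMD160",
    8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224",
}
MUST_IMPLEMENT = 8               # SHA2-256 in the suggested text
DEPRECATED = frozenset({1, 3})   # MD5 and RIPE-MD/160 in the suggested text


def effective_preferences(pref_body: bytes) -> list[int]:
    """Return the stated order, de-duplicated, with the MUST-implement
    algorithm appended when the key does not list it explicitly."""
    ordered: list[int] = []
    for algo_id in pref_body:
        if algo_id not in ordered:
            ordered.append(algo_id)
    if MUST_IMPLEMENT not in ordered:
        ordered.append(MUST_IMPLEMENT)
    return ordered


def choose_hash(pref_body: bytes, signer_supports: set[int],
                allow_deprecated: bool = False) -> int:
    """First algorithm in the recipient's effective order that the signer
    implements. Reserved, private/experimental and unknown IDs are skipped."""
    for algo_id in effective_preferences(pref_body):
        if algo_id not in HASH_NAMES:
            continue
        if algo_id in DEPRECATED and not allow_deprecated:
            continue  # assumption: local policy refuses to create these
        if algo_id in signer_supports:
            return algo_id
    raise ValueError("no mutually usable hash algorithm; "
                     "signer lacks the MUST-implement algorithm")


if __name__ == "__main__":
    signer = {2, 8, 10}  # constructed: signer implements SHA1, SHA256, SHA512
    samples = {          # constructed preference lists
        "prefers SHA512 then SHA384": bytes([10, 9]),
        "lists only deprecated hashes": bytes([1, 3]),
        "empty list": b"",
    }
    for label, body in samples.items():
        picked = choose_hash(body, signer)
        print(f"{label}: {HASH_NAMES[picked]} (ID {picked})")
```
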


From nobody Tue Mar 21 00:18:10 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C877C129478 for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 00:18:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hF2_QvVRLftW for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 00:18:07 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C201B129572 for <openpgp@ietf.org>; Tue, 21 Mar 2017 00:18:07 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1cqE3R-0002ib-Eq for <openpgp@ietf.org>; Tue, 21 Mar 2017 08:18:05 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1cqDz0-0001qS-Ni; Tue, 21 Mar 2017 08:13:30 +0100
From: Werner Koch <wk@gnupg.org>
To: Ryru <ryru@addere.ch>
Cc: openpgp@ietf.org
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Ryru <ryru@addere.ch>, openpgp@ietf.org
Date: Tue, 21 Mar 2017 08:13:24 +0100
In-Reply-To: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> (ryru@addere.ch's message of "Mon, 20 Mar 2017 23:11:00 +0100")
Message-ID: <874lynnluz.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=colonel_bootleg_Commecen_JPL_kibo_fraud_Elvis_counter_terrorism_Nort"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/K0hJgYrhGRW6butyR0-xubERA10>
Subject: Re: [openpgp] Default preferences for the future
X-List-Received-Date: Tue, 21 Mar 2017 07:18:10 -0000

--=colonel_bootleg_Commecen_JPL_kibo_fraud_Elvis_counter_terrorism_Nort
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon, 20 Mar 2017 23:11, ryru@addere.ch said:

> For RFC4880bis[0] in section 14.2. {13.2.} it's planned to stick with
> TripleDES as least common denominator preference for a symmetric

Nope, that is for sure not the case.  We are incrementally reworking
RFC-4880 and have not yet reached the algorithm selection.  I merely
started that with my proposal to make SHA-256 mandatory.

Frankly, there are more important and controversial things to do than
the algorithm selection.

Thanks for your reminder.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=colonel_bootleg_Commecen_JPL_kibo_fraud_Elvis_counter_terrorism_Nort
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCWNDSlQAKCRD/gK6dHew1
jfatAP0Z1ZVY3QO6QdiACBUhaJSeRjUpj3t1IbILs/BycsPkggD/SRlWzj/HvG5Y
ZfLbQ8d+K0STznzVRRKY0uhc2H2KkgY=
=/Urh
-----END PGP SIGNATURE-----
--=colonel_bootleg_Commecen_JPL_kibo_fraud_Elvis_counter_terrorism_Nort--


From nobody Tue Mar 21 00:23:10 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57CE912957A for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 00:23:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nuizx07Ee0-u for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 00:23:07 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1A6A129572 for <openpgp@ietf.org>; Tue, 21 Mar 2017 00:23:06 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1cqE8H-0002nC-FO for <openpgp@ietf.org>; Tue, 21 Mar 2017 08:23:05 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1cqE2D-0001sS-3a; Tue, 21 Mar 2017 08:16:49 +0100
From: Werner Koch <wk@gnupg.org>
To: Jon Callas <joncallas@icloud.com>
Cc: openpgp@ietf.org
References: <87tw6ss2g5.fsf@wheatstone.g10code.de> <4F39357D-8D8A-40BB-BFC8-B99ED0A4D801@icloud.com>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Jon Callas <joncallas@icloud.com>, openpgp@ietf.org
Date: Tue, 21 Mar 2017 08:16:48 +0100
In-Reply-To: <4F39357D-8D8A-40BB-BFC8-B99ED0A4D801@icloud.com> (Jon Callas's message of "Fri, 17 Mar 2017 11:09:57 -0700")
Message-ID: <87var3m74v.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=counter_terrorism_doctrine_Maple_BLU-97_A/B_Cocaine_9705_Samford_Roa"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/79-45qrraD3jcoKYREAIF-MIems>
Subject: Re: [openpgp] Deprecate legacy hash algorithms
X-List-Received-Date: Tue, 21 Mar 2017 07:23:08 -0000

--=counter_terrorism_doctrine_Maple_BLU-97_A/B_Cocaine_9705_Samford_Roa
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Fri, 17 Mar 2017 19:09, joncallas@icloud.com said:

> I prefer deprecation (SHOULD NOT) over banning (MUST NOT) because a
> ban leads either to people being silly about a lack of backwards
> compatibility or they just defiantly ignore the ban.

Good point.  I am also fine with SHOULD NOT.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=counter_terrorism_doctrine_Maple_BLU-97_A/B_Cocaine_9705_Samford_Roa
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCWNDTYAAKCRD/gK6dHew1
jWBdAQD3IoCdQ24luFe2zIe0BkMlSJD/pVBeXhPv8TdNn9GrtgD7B9dUd/97eNVC
407Swsv+HFndCVZC9GLC2vzgniPbHwA=
=zdkB
-----END PGP SIGNATURE-----
--=counter_terrorism_doctrine_Maple_BLU-97_A/B_Cocaine_9705_Samford_Roa--


From nobody Tue Mar 21 00:23:16 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6068212957A for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 00:23:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DREasUkpdcUq for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 00:23:08 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C291129573 for <openpgp@ietf.org>; Tue, 21 Mar 2017 00:23:07 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1cqE8H-0002pT-NM for <openpgp@ietf.org>; Tue, 21 Mar 2017 08:23:05 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1cqE15-0001ri-4j; Tue, 21 Mar 2017 08:15:39 +0100
From: Werner Koch <wk@gnupg.org>
To: Hanno =?utf-8?Q?B=C3=B6ck?= <hanno@hboeck.de>
Cc: openpgp@ietf.org
References: <87tw6ss2g5.fsf@wheatstone.g10code.de> <20170317160530.45a9cbeb@pc1>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Hanno =?utf-8?Q?B=C3=B6ck?= <hanno@hboeck.de>, openpgp@ietf.org
Date: Tue, 21 Mar 2017 08:15:38 +0100
In-Reply-To: <20170317160530.45a9cbeb@pc1> ("Hanno =?utf-8?Q?B=C3=B6ck=22'?= =?utf-8?Q?s?= message of "Fri, 17 Mar 2017 16:05:30 +0100")
Message-ID: <87zigfm76t.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Rule_Psix_Forte_e-cash_eavesdropping_propaganda_kibo_Tony_Blair_Unit"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/VFDULODRwcVZ1g-i9WpuWb0Kq0I>
Subject: Re: [openpgp] Deprecate legacy hash algorithms
X-List-Received-Date: Tue, 21 Mar 2017 07:23:09 -0000

--=Rule_Psix_Forte_e-cash_eavesdropping_propaganda_kibo_Tony_Blair_Unit
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Fri, 17 Mar 2017 16:05, hanno@hboeck.de said:

> I'm wondering: Should there be a clearer distinction that this is for
> creation of messages?

IMHO this is more an implementation issue than something which needs to
be done in the standard.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=Rule_Psix_Forte_e-cash_eavesdropping_propaganda_kibo_Tony_Blair_Unit
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCWNDTGgAKCRD/gK6dHew1
jXLqAP9bnsx+F63r9Kzk6coenHufWxaIgOcDp4LGL0Y02XDk4AD9G/WLHCorw6Dj
Dpw6Q+sF8VCpqiz3Mg5yjVrYkwI9HQA=
=NLI4
-----END PGP SIGNATURE-----
--=Rule_Psix_Forte_e-cash_eavesdropping_propaganda_kibo_Tony_Blair_Unit--


From nobody Tue Mar 21 00:53:10 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F20E129644 for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 00:53:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pXLVVH60-7T0 for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 00:53:08 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE17712962F for <openpgp@ietf.org>; Tue, 21 Mar 2017 00:53:07 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1cqEbK-0003Ht-2n for <openpgp@ietf.org>; Tue, 21 Mar 2017 08:53:06 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1cqEWS-0002ZL-EB; Tue, 21 Mar 2017 08:48:04 +0100
From: Werner Koch <wk@gnupg.org>
To: "Mark D. Baushke" <mdb@juniper.net>
Cc: Ryru <ryru@addere.ch>,  openpgp@ietf.org
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "Mark D. Baushke" <mdb@juniper.net>, Ryru <ryru@addere.ch>,  openpgp@ietf.org
Date: Tue, 21 Mar 2017 08:48:04 +0100
In-Reply-To: <52027.1490051694@eng-mail01.juniper.net> (Mark D. Baushke's message of "Mon, 20 Mar 2017 16:14:54 -0700")
Message-ID: <87pohbm5or.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=AVN_Leitrim_JFK_Manfurov_bullion_Maple_domestic_disruption_ASDIC_PLO"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/s-0b3BT0kEpsKABsEBbikhXmu_s>
Subject: Re: [openpgp] Default preferences for the future
X-List-Received-Date: Tue, 21 Mar 2017 07:53:09 -0000

--=AVN_Leitrim_JFK_Manfurov_bullion_Maple_domestic_disruption_ASDIC_PLO
Content-Type: text/plain

On Tue, 21 Mar 2017 00:14, mdb@juniper.net said:
> As an editorial remark, it would be nice if rfc4880bis were to use
> a consistent representation for the secure hash algorithm families.
> SHA1 is sometimes written as SHA1 and sometimes written as SHA-1.

Thanks for this suggestion which I pushed right now.

I have not yet looked at your other change requests, though.

Except for this:

> 14.3.2.  {13.3.2} Hash Algorithm Preferences

>    Since SHA256 is the MUST-implement hash algorithm, if it is not

I changed this from "SHA-1" to "SHA2-256".


Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.

--=AVN_Leitrim_JFK_Manfurov_bullion_Maple_domestic_disruption_ASDIC_PLO
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCWNDatAAKCRD/gK6dHew1
jTZ6AQCobtk0/0yqaJKBiWJmyL46j9fGPfmCDkUvqHy6oXvY/QD/QofRNVCjc+3j
EC5lMy05mGUyW/a7ljTiuzulRJ4sLAQ=
=L0PY
-----END PGP SIGNATURE-----
--=AVN_Leitrim_JFK_Manfurov_bullion_Maple_domestic_disruption_ASDIC_PLO--


From nobody Tue Mar 21 06:21:44 2017
Return-Path: <mdb@juniper.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59A7B129871 for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 06:21:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N4ys-RI6TuT3 for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 06:21:40 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0138.outbound.protection.outlook.com [104.47.42.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CBF1129890 for <openpgp@ietf.org>; Tue, 21 Mar 2017 06:21:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=4e8aXWAhU2jDLzMJ1hNBGYZPRW0l8ZObZEsBt1/ZgVs=; b=NCSorwbpZGwanRfneln2xa6hIQ/Ov9ZrmwOgjf6Vu5c9Q2h4hInYQDQlVhX6Esl33SjKcg5h+cwrrpFfV97Cso+f2zX6VqX3NFQtVmKIDp1V2hJnj74FDCE8y6F8IgoHRFuM0rfzR6ElU9APZ2eBOI7wOtultcA5n9CKsCgQ1L4=
Received: from CY1PR05CA0041.namprd05.prod.outlook.com (10.166.186.179) by CO1PR05MB313.namprd05.prod.outlook.com (10.141.69.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4; Tue, 21 Mar 2017 13:21:32 +0000
Received: from BN1BFFO11FD033.protection.gbl (2a01:111:f400:7c10::1:192) by CY1PR05CA0041.outlook.office365.com (2a01:111:e400:c5a4::51) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4 via Frontend Transport; Tue, 21 Mar 2017 13:21:32 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.18) smtp.mailfrom=juniper.net; addere.ch; dkim=none (message not signed) header.d=none;addere.ch; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.18) by BN1BFFO11FD033.mail.protection.outlook.com (10.58.144.96) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.977.7 via Frontend Transport; Tue, 21 Mar 2017 13:21:31 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 21 Mar 2017 06:20:57 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v2LDKuiR028684; Tue, 21 Mar 2017 06:20:57 -0700	(envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1])	by eng-mail01.juniper.net (Postfix) with ESMTP id C42B01144E;	Tue, 21 Mar 2017 06:20:55 -0700 (PDT)
To: Ryru <ryru@addere.ch>, <openpgp@ietf.org>
In-Reply-To: <87pohbm5or.fsf@wheatstone.g10code.de> 
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net> <87pohbm5or.fsf@wheatstone.g10code.de>
Comments: In-reply-to: Werner Koch <wk@gnupg.org> message dated "Tue, 21 Mar 2017 08:48:04 +0100."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Office)
X-Mailer: MH-E 8.6; nmh 1.2; GNU Emacs 24.3.1
Date: Tue, 21 Mar 2017 06:20:55 -0700
Message-ID: <78804.1490102455@eng-mail01.juniper.net>
Sender: <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Mar 2017 13:21:31.3129 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18];  Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR05MB313
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/k-N01F6LFThqN4arLe6IXgW_FQM>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 13:21:42 -0000

Werner Koch <wk@gnupg.org> writes:

> On Tue, 21 Mar 2017 00:14, mdb@juniper.net said:
> > As an editorial remark, it would be nice if rfc4880bis were to use
> > a consistent representation for the secure hash algorithm families.
> > SHA1 is sometimes written as SHA1 and sometimes written as SHA-1.
> 
> Thanks for this suggestion which I pushed right now.

Thank you.

> I have not yet looked at your other change requests, though.

Mostly I was trying to hit the SHA-1 to transition to SHA2-256.

I think TripleDES needs to go from a MUST to a SHOULD algorithm.

I think AES128 needs to be a MUST algorithm.

I think that RIPEMD160 needs to be a SHOULD NOT algorithm.

I think that AES256 needs to be a SHOULD algorithm.

> Except for this:
> 
> > 14.3.2.  {13.3.2} Hash Algorithm Preferences
> 
> >    Since SHA256 is the MUST-implement hash algorithm, if it is not
> 
> I changed this from "SHA-1" to "SHA2-256".

Good.

Being consistent and clear is important.

	-- Mark
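
Added example (not part of the original message and not code from any OpenPGP implementation): RFC 4880 treats the MUST-implement algorithm as tacitly at the end of every preference list, so changing which algorithm is the MUST, as discussed above, changes what a sender falls back to when recipients' explicit lists have nothing in common. The algorithm IDs are those of RFC 4880; the selection strategy, the function names and the sample preference lists are assumptions constructed for illustration.

```python
"""Added example: choosing an algorithm from recipients' preference lists,
with the MUST-implement algorithm tacitly at the end of every list."""

# Algorithm IDs from RFC 4880, sections 9.2 (symmetric) and 9.4 (hash).
SYM = {2: "TripleDES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
HASH = {2: "SHA-1", 3: "RIPEMD160", 8: "SHA2-256", 10: "SHA2-512"}


def effective_prefs(prefs, must_implement):
    """Drop duplicates, keep order, and append the MUST algorithm if absent."""
    seen, out = set(), []
    for alg in prefs:
        if alg not in seen:
            seen.add(alg)
            out.append(alg)
    if must_implement not in seen:
        out.append(must_implement)
    return out


def choose(recipient_prefs, sender_supported, must_implement):
    """Pick one algorithm that every recipient accepts.

    Strategy (an assumption of this example, the RFC leaves it to the
    implementation): among algorithms the sender supports that appear in
    every recipient's effective list, take the one whose worst rank across
    recipients is best, breaking ties by the sender's own order.
    """
    lists = [effective_prefs(p, must_implement) for p in recipient_prefs]
    sender_order = effective_prefs(sender_supported, must_implement)
    if not lists:  # no recipients: the sender's first choice wins
        return sender_order[0]
    # The MUST algorithm is in every list, so this is never empty.
    candidates = [a for a in sender_order if all(a in l for l in lists)]
    return min(
        candidates,
        key=lambda a: (max(l.index(a) for l in lists), sender_order.index(a)),
    )


def demo():
    """Run constructed preference lists under both sets of MUST algorithms."""
    # Constructed sample data: two recipients whose explicit lists are disjoint.
    sym_prefs = [[9, 8], [3]]        # AES256/AES192 versus CAST5 only
    hash_prefs = [[10], [3]]         # SHA2-512 versus RIPEMD160 only
    sender_sym = [9, 7, 3, 2]
    sender_hash = [10, 8, 2]
    return {
        # RFC 4880: TripleDES and SHA-1 are the MUST-implement algorithms.
        "rfc4880_sym": SYM[choose(sym_prefs, sender_sym, must_implement=2)],
        "rfc4880_hash": HASH[choose(hash_prefs, sender_hash, must_implement=2)],
        # As proposed in this thread: AES128 and SHA2-256 become the MUSTs.
        "proposed_sym": SYM[choose(sym_prefs, sender_sym, must_implement=7)],
        "proposed_hash": HASH[choose(hash_prefs, sender_hash, must_implement=8)],
        # When the lists do overlap, the fallback is not needed.
        "overlap_sym": SYM[choose([[9, 7], [7, 9]], sender_sym, must_implement=7)],
    }


if __name__ == "__main__":
    for case, alg in demo().items():
        print(f"{case:14} -> {alg}")
```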


From nobody Tue Mar 21 06:58:18 2017
Return-Path: <rjh@sixdemonbag.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A307129871 for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 06:58:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level: 
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvaWWP64pA8B for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 06:58:16 -0700 (PDT)
Received: from shards.monkeyblade.net (shards.monkeyblade.net [184.105.139.130]) by ietfa.amsl.com (Postfix) with ESMTP id 5ADF0126DEE for <openpgp@ietf.org>; Tue, 21 Mar 2017 06:58:16 -0700 (PDT)
Received: from WBC109C4 (unknown [4.16.247.2]) (Authenticated sender: rjh-sixdemonbag) by shards.monkeyblade.net (Postfix) with ESMTPSA id E889A1251C685; Tue, 21 Mar 2017 06:58:14 -0700 (PDT)
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
To: "'Mark D. Baushke'" <mdb@juniper.net>, "'Ryru'" <ryru@addere.ch>, <openpgp@ietf.org>
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net> <87pohbm5or.fsf@wheatstone.g10code.de> <78804.1490102455@eng-mail01.juniper.net>
In-Reply-To: <78804.1490102455@eng-mail01.juniper.net>
Date: Tue, 21 Mar 2017 09:58:38 -0400
Message-ID: <00a901d2a24b$3f1d7df0$bd5879d0$@sixdemonbag.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQLaT52vYN+mQSnqjI69yCv6xwS28gK1PiU7Ae1NZksCo0Mv459VxzoQ
Content-Language: en-us
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Tue, 21 Mar 2017 06:58:15 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/96fgpy7OGzwDI9dP3MuQYwiwNR4>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 13:58:17 -0000

> I think TripleDES needs to go from a MUST to a SHOULD algorithm.

I don't see much point in dragging 3DES along with us into the future.  It's
done excellent service for 40 years, but the time has come to put it out to
pasture.

> I think AES128 needs to be a MUST algorithm ... AES256 needs to 
> be a SHOULD algorithm.

What's the rationale here?  Why should the shorter keylength be required and
the longer optional?



From nobody Tue Mar 21 07:07:24 2017
Return-Path: <tony@att.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DD59129705 for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 07:07:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.396
X-Spam-Level: 
X-Spam-Status: No, score=-5.396 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.796, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id czFoLNI1bz3V for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 07:07:20 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F241B129408 for <openpgp@ietf.org>; Tue, 21 Mar 2017 07:07:18 -0700 (PDT)
Received: from pps.filterd (m0049459.ppops.net [127.0.0.1]) by m0049459.ppops.net-00191d01. (8.16.0.17/8.16.0.17) with SMTP id v2LE51tH017597; Tue, 21 Mar 2017 10:07:16 -0400
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by m0049459.ppops.net-00191d01. with ESMTP id 29at187fa6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 21 Mar 2017 10:07:15 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id v2LE7F6l024770; Tue, 21 Mar 2017 10:07:15 -0400
Received: from mlpi407.sfdc.sbc.com (mlpi407.sfdc.sbc.com [130.9.128.239]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id v2LE72tO024439 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 21 Mar 2017 10:07:09 -0400
Received: from MISOUT7MSGHUBAD.ITServices.sbc.com (MISOUT7MSGHUBAD.itservices.sbc.com [130.9.129.148]) by mlpi407.sfdc.sbc.com (RSA Interceptor); Tue, 21 Mar 2017 14:06:46 GMT
Received: from MISOUT7MSGUSRCG.ITServices.sbc.com ([169.254.7.103]) by MISOUT7MSGHUBAD.ITServices.sbc.com ([130.9.129.148]) with mapi id 14.03.0319.002; Tue, 21 Mar 2017 10:06:46 -0400
From: "HANSEN, TONY L" <tony@att.com>
To: "Mark D. Baushke" <mdb@juniper.net>, "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] Default preferences for the future
Thread-Index: AQHSoccv8pfaKozLUUeVJmfgHHUo96GeXBeFgAD5GYA=
Date: Tue, 21 Mar 2017 14:06:45 +0000
Message-ID: <56ED3B74-0BA4-4DC2-943E-B1CCD1F32AE2@att.com>
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net>
In-Reply-To: <52027.1490051694@eng-mail01.juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [135.110.240.165]
Content-Type: text/plain; charset="utf-8"
Content-ID: <744E50B22F115841B911A9B05727CBC8@LOCAL>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-03-21_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1702020001 definitions=main-1703210125
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/LEdDUgWo6hSNQO4Qy4xqr-1tkcg>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 14:07:23 -0000


From nobody Tue Mar 21 08:47:14 2017
Return-Path: <mdb@juniper.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 782BB129B36 for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 08:47:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yypm3OdgU0uI for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 08:47:08 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0100.outbound.protection.outlook.com [104.47.42.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51E34129BA8 for <openpgp@ietf.org>; Tue, 21 Mar 2017 08:44:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=b+eovdhuJsw/o0NEkYZJVz/sPtpvePOjwhC09914OCk=; b=M40IIZHzOUZngC/S6HoHO6oJtjTobaInxovvj1MSABqcVMMPCATlbA2CMtfhK/bLmM/obMR/J+UOcPOgcUnHCbaFlEmqz9C06jiQisjhD5xIdPc56uVTrgKl6i41gbsns2K9qhaKdLG735LpgYRwDSCTHv/4nHRq+V16aYPCnz8=
Received: from CO2PR05CA0080.namprd05.prod.outlook.com (10.166.88.176) by BY2PR0501MB1749.namprd05.prod.outlook.com (10.163.154.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4; Tue, 21 Mar 2017 15:44:50 +0000
Received: from BY2FFO11FD023.protection.gbl (2a01:111:f400:7c0c::151) by CO2PR05CA0080.outlook.office365.com (2603:10b6:102:2::48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4 via Frontend Transport; Tue, 21 Mar 2017 15:44:50 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.18) smtp.mailfrom=juniper.net; addere.ch; dkim=none (message not signed) header.d=none;addere.ch; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.18) by BY2FFO11FD023.mail.protection.outlook.com (10.1.15.212) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.977.7 via Frontend Transport; Tue, 21 Mar 2017 15:44:50 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 21 Mar 2017 08:44:49 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v2LFimVb026474; Tue, 21 Mar 2017 08:44:48 -0700	(envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1])	by eng-mail01.juniper.net (Postfix) with ESMTP id 68FEB1144E;	Tue, 21 Mar 2017 08:44:47 -0700 (PDT)
To: "Robert J. Hansen" <rjh@sixdemonbag.org>
CC: 'Ryru' <ryru@addere.ch>, <openpgp@ietf.org>
In-Reply-To: <00a901d2a24b$3f1d7df0$bd5879d0$@sixdemonbag.org> 
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net> <87pohbm5or.fsf@wheatstone.g10code.de> <78804.1490102455@eng-mail01.juniper.net> <00a901d2a24b$3f1d7df0$bd5879d0$@sixdemonbag.org>
Comments: In-reply-to: "Robert J. Hansen" <rjh@sixdemonbag.org> message dated "Tue, 21 Mar 2017 09:58:38 -0400."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Tue, 21 Mar 2017 08:44:47 -0700
Message-ID: <11503.1490111087@eng-mail01.juniper.net>
Sender: <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Mar 2017 15:44:50.0246 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18];  Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR0501MB1749
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/vXxKW82WROHVrmfcRGzUC9L2wGg>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 15:47:10 -0000

Robert J. Hansen <rjh@sixdemonbag.org> writes:

> > I think TripleDES needs to go from a MUST to a SHOULD algorithm.
> 
> I don't see much point in dragging 3DES along with us into the future.
> It's done excellent service for 40 years, but the time has come to put
> it out to pasture.

I suppose it depends on how many messages you have encrypted that used
TripleDES as the algorithm. If you don't have an archive of encrypted
messages, then dropping TripleDES is not a big deal for you.

> > I think AES128 needs to be a MUST algorithm ... AES256 needs to 
> > be a SHOULD algorithm.
> 
> What's the rationale here? Why should the shorter keylength be
> required and the longer optional?

RFC4880 had AES128 as a SHOULD algorithm. Making it a MUST algorithm now
should not be a problem for most implementations.

I do not object to making AES256 a MUST algorithm.

That said, if someone is using a symmetric key encryption from a pass
phrase, they are not really getting a very strong key. Certainly not one
that has 128 bits of randomness in it.

To get the most out of AES256, one needs enough entropy to properly seed
a PRNG to get 256 bits out of it. If one is using something like an
HMAC_DRBG with hmac-sha256, then really the entropy coming out of your
random number generator is only going to have 128 bits of security. So,
is there a real need to use AES256 for encryption if that is not how
many bits? I will grant you that a number of platforms are able to
provide 256 bits of strength, but not all of them.

A standard GNU/Linux system today which does not use a hardware source
of entropy and is only collecting mouse clicks and process interrupts is
not generally getting a lot of entropy for keys.

If I know that I have an OS that is using a hardware source of entropy,
then I have no problems using the stronger AES256 random key.

However, why use that much work if you know that the key is not really
that random?

	-- Mark


From nobody Tue Mar 21 08:55:58 2017
Return-Path: <mdb@juniper.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 273B3129A9E for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 08:55:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.697
X-Spam-Level: 
X-Spam-Status: No, score=-4.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.796, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 74GsDSM8Gl9T for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 08:55:52 -0700 (PDT)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0110.outbound.protection.outlook.com [104.47.32.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B90151294B7 for <openpgp@ietf.org>; Tue, 21 Mar 2017 08:55:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=XJiDS/Tg0Z8K4ZJIxiI4IbEtt9oDZqOlg6XAB+jYnrI=; b=CjQMuOQ3gYX67w//PAUtuYpijQjuCffGOVvuhU6RKwozr6uvk8zm37Z5HL1jA1mgxXfB68H/3pma9BeNtY8DfwTMND7pGYlAMoNpjyiUfqk31w4HGiaeuEyahiMpF2RRS0u+J4JauSY+rNzrVTh1JHpVh8u+e2YS9r15cHSF5L4=
Received: from CO2PR05CA0075.namprd05.prod.outlook.com (10.166.88.171) by DM2PR05MB317.namprd05.prod.outlook.com (10.141.103.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4; Tue, 21 Mar 2017 15:55:51 +0000
Received: from BN1AFFO11FD007.protection.gbl (2a01:111:f400:7c10::117) by CO2PR05CA0075.outlook.office365.com (2603:10b6:102:2::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4 via Frontend Transport; Tue, 21 Mar 2017 15:55:51 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.18) smtp.mailfrom=juniper.net; att.com; dkim=none (message not signed) header.d=none;att.com; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.18) by BN1AFFO11FD007.mail.protection.outlook.com (10.58.52.67) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.977.7 via Frontend Transport; Tue, 21 Mar 2017 15:55:50 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 21 Mar 2017 08:55:11 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v2LFtBsS028902; Tue, 21 Mar 2017 08:55:11 -0700	(envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1])	by eng-mail01.juniper.net (Postfix) with ESMTP id 0982E11446;	Tue, 21 Mar 2017 08:55:03 -0700 (PDT)
To: "HANSEN, TONY L" <tony@att.com>
CC: "openpgp@ietf.org" <openpgp@ietf.org>
In-Reply-To: <56ED3B74-0BA4-4DC2-943E-B1CCD1F32AE2@att.com> 
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net> <56ED3B74-0BA4-4DC2-943E-B1CCD1F32AE2@att.com>
Comments: In-reply-to: "HANSEN, TONY L" <tony@att.com> message dated "Tue, 21 Mar 2017 14:06:45 -0000."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Tue, 21 Mar 2017 08:55:02 -0700
Message-ID: <11858.1490111702@eng-mail01.juniper.net>
Sender: <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Mar 2017 15:55:50.3463 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18];  Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR05MB317
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ZIhFm0wPr3fFLtWW1GehJx0yeiU>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 15:55:57 -0000

HANSEN, TONY L <tony@att.com> writes:

> FIPS 180-4 also defines SHA2-512/224 and SHA2-512/256. Should they be
> added to the table?

SHA2-512/224 protects roughly 112 bits of security, so it would be fine
for TripleDES, but not much else. I would say it is not needed.

SHA2-512/256 works great on a 64-bit machine, but is a lot slower than
SHA2-256 on a 32-bit machine and protects 128 bits of security. I don't
really care if it gets used or not. I am guessing that 8-bit and 16-bit
implementations will care a lot more.

FIPS 202 also defines four cryptographic hash functions (SHA-3) and two
extensible-output functions (XOFs) called SHAKE128 and SHAKE256. All of
the SHA-3 family of hashes are very slow in software, but could be
effectively implemented in hardware. The one thing we know as a result
of the SHA-3 bake-off is that SHA-2 is a lot stronger than we thought
and we do not yet really need SHA-3. That said, if you want to add
agility to OpenPGP, you could define SHA3-256 and SHA3-512 code points.
I see little point in any of the other alternatives.

	-- Mark


From nobody Tue Mar 21 10:31:34 2017
Return-Path: <rjh@sixdemonbag.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACB4E129C30 for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 10:31:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZsXNZ2NcyHpd for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 10:31:28 -0700 (PDT)
Received: from shards.monkeyblade.net (shards.monkeyblade.net [184.105.139.130]) by ietfa.amsl.com (Postfix) with ESMTP id 84F24129C3F for <openpgp@ietf.org>; Tue, 21 Mar 2017 10:31:24 -0700 (PDT)
Received: from WBC109C4 (unknown [4.16.247.2]) (Authenticated sender: rjh-sixdemonbag) by shards.monkeyblade.net (Postfix) with ESMTPSA id 11541122A94D8; Tue, 21 Mar 2017 10:31:22 -0700 (PDT)
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
To: "'Mark D. Baushke'" <mdb@juniper.net>
Cc: <openpgp@ietf.org>, "'Ryru'" <ryru@addere.ch>
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net> <87pohbm5or.fsf@wheatstone.g10code.de> <78804.1490102455@eng-mail01.juniper.net> <00a901d2a24b$3f1d7df0$bd5879d0$@sixdemonbag.org> <11503.1490111087@eng-mail01.juniper.net>
In-Reply-To: <11503.1490111087@eng-mail01.juniper.net>
Date: Tue, 21 Mar 2017 13:31:47 -0400
Message-ID: <00c101d2a269$056003d0$10200b70$@sixdemonbag.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQLaT52vYN+mQSnqjI69yCv6xwS28gK1PiU7Ae1NZksCo0Mv4wHJuHeTAKYHnHefQoGH4A==
Content-Language: en-us
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Tue, 21 Mar 2017 10:31:23 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/M2Osiitv9liEVtpiJlwunaQ51fo>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 17:31:30 -0000

> I suppose it depends on how many messages you have encrypted that used
> TripleDES as the algorithm. If you don't have an archive of encrypted
> messages, then dropping TripleDES is not a big deal for you.

I view this like the RFC1991->RFC2440 transition, where although we couldn't
drop IDEA completely we certainly made it clear an implementation probably
shouldn't use it.  I suggest we take the same approach for 3DES.  I agree
with you that being able to decrypt existing traffic is a good thing, but
I'd like to see strong language advising it not be used for generating new
traffic.

> RFC4880 had AES128 as a SHOULD algorithm. Making it a MUST algorithm now
> should not be a problem for most implementations.

Agreed.

> I do not object to making AES256 a MUST algorithm.

Thank you.  :)

> To get the most out of AES256, one needs enough entropy to properly seed
> a PRNG to get 256 bits out of it... [good explanation snipped]

Built-in hardware random number generators are increasingly commonplace
nowadays.  See, e.g., Ivy Bridge and later architectures.


From nobody Tue Mar 21 11:03:07 2017
Return-Path: <mdb@juniper.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 114F9129C5D for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 11:03:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8fP9A1IDBWI6 for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 11:03:04 -0700 (PDT)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0113.outbound.protection.outlook.com [104.47.32.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD213129C5E for <openpgp@ietf.org>; Tue, 21 Mar 2017 11:03:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Ze25erh/37JzLtJBn9SEOOsBZ4ECQAAhiC2TKRcnaCc=; b=DQdVOraNkawo+jSHhSxrqsuVOO8Oat5csdejSD3m7pNNTdnJoQTXbU3ZARixD0nJU8RmN07U68Z4X0iw+7KqWGU1cIvs2IO0irupxDIsrYFgfwR+GDVjyH8HvkXNiozkRqW+6fRjkRZjXRkVt0L7Zun3H7F2PLbjef6wwkt6KiQ=
Received: from BY2PR05CA022.namprd05.prod.outlook.com (10.141.250.12) by SN1PR0501MB1757.namprd05.prod.outlook.com (10.163.130.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4; Tue, 21 Mar 2017 18:03:02 +0000
Received: from BN1AFFO11FD034.protection.gbl (2a01:111:f400:7c10::128) by BY2PR05CA022.outlook.office365.com (2a01:111:e400:2c5f::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4 via Frontend Transport; Tue, 21 Mar 2017 18:03:02 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.18) smtp.mailfrom=juniper.net; addere.ch; dkim=none (message not signed) header.d=none;addere.ch; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.18) by BN1AFFO11FD034.mail.protection.outlook.com (10.58.52.158) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.977.7 via Frontend Transport; Tue, 21 Mar 2017 18:03:01 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 21 Mar 2017 11:03:00 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v2LI2xfx028536; Tue, 21 Mar 2017 11:02:59 -0700	(envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1])	by eng-mail01.juniper.net (Postfix) with ESMTP id B20EE11446;	Tue, 21 Mar 2017 11:02:57 -0700 (PDT)
To: "Robert J. Hansen" <rjh@sixdemonbag.org>
CC: <openpgp@ietf.org>, 'Ryru' <ryru@addere.ch>
In-Reply-To: <00c101d2a269$056003d0$10200b70$@sixdemonbag.org> 
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net> <87pohbm5or.fsf@wheatstone.g10code.de> <78804.1490102455@eng-mail01.juniper.net> <00a901d2a24b$3f1d7df0$bd5879d0$@sixdemonbag.org> <11503.1490111087@eng-mail01.juniper.net> <00c101d2a269$056003d0$10200b70$@sixdemonbag.org>
Comments: In-reply-to: "Robert J. Hansen" <rjh@sixdemonbag.org> message dated "Tue, 21 Mar 2017 13:31:47 -0400."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Office)
X-Mailer: MH-E 8.6; nmh 1.2; GNU Emacs 24.3.1
X-Face: #8D_6URD2G%vC.hzU<dI&#Y9szHj$'mGtUq&d=rXy^L$-=G_-LmZ^5!Fszk:yXZp$k\nTF? 8Up0!v/%1Q[(d?ES0mQW8dRCXi18gK)luJu)loHk, }4{Vi`yX?p?crF5o:LL{6#eiO:(E:YMxLXULB k|'a*EjN.B&L+[J!PhJ*aX0n:5/
Date: Tue, 21 Mar 2017 11:02:57 -0700
Message-ID: <28290.1490119377@eng-mail01.juniper.net>
Sender: <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Mar 2017 18:03:01.7576 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18];  Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR0501MB1757
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/37ev3eo_mMFUSjOhvWs6H-CGMHk>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 18:03:06 -0000

Robert J. Hansen <rjh@sixdemonbag.org> writes:

> > To get the most out of AES256, one needs enough entropy to properly seed
> > a PRNG to get 256 bits out of it... [good explanation snipped]
> 
> Built-in hardware random number generators are increasingly commonplace
> nowadays.  See, e.g., Ivy Bridge and later architectures.

Tell the Linux kernel folks to trust RDSEED or RDRAND instructions...
:-) Right, a GNU/Linux user should use rng-tools to inject entropy into
the kernel by grabbing bits out of the RDRAND or RDSEED instructions.

	-- Mark
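
A host-side check for the hardware-entropy question raised in this exchange, as an added example that is not part of the original messages: it reports whether the CPU advertises RDRAND/RDSEED and whether the kernel has a hw_random device bound, which are two separate things. The cpuinfo samples are constructed and the function names are assumptions of this example.

```python
"""Added example: which hardware entropy sources does this Linux host expose?"""
from pathlib import Path

CPUINFO = Path("/proc/cpuinfo")
RNG_CURRENT = Path("/sys/class/misc/hw_random/rng_current")

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CPUINFO_WITH_RNG = (
    "processor\t: 0\n"
    "model name\t: Example CPU (constructed sample)\n"
    "flags\t\t: fpu vme sse2 aes rdrand rdseed\n"
)
SAMPLE_CPUINFO_WITHOUT_RNG = (
    "processor\t: 0\n"
    "model name\t: Example CPU (constructed sample)\n"
    "flags\t\t: fpu vme sse2\n"
)


def cpu_rng_flags(cpuinfo_text: str) -> set:
    """Return the subset of {rdrand, rdseed} advertised in the CPU flags."""
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            return set(value.split()) & {"rdrand", "rdseed"}
    return set()


def hwrng_device(rng_current_text: str):
    """Name of the device behind /dev/hwrng, or None if nothing is bound."""
    name = rng_current_text.strip()
    return None if name in ("", "none") else name


def assess(cpuinfo_text: str, rng_current_text: str) -> dict:
    """Summarise the hardware sources an entropy daemon could draw from."""
    flags = cpu_rng_flags(cpuinfo_text)
    device = hwrng_device(rng_current_text)
    return {
        "cpu_instructions": sorted(flags),
        "hwrng_device": device,
        # True if at least one hardware source exists; whether the kernel
        # pool is actually fed from it is a separate configuration question.
        "hardware_source": bool(flags) or device is not None,
    }


def read_text(path: Path) -> str:
    """Read a proc/sysfs file, treating a missing or unreadable file as empty."""
    try:
        return path.read_text()
    except OSError:
        return ""


if __name__ == "__main__":
    print("this host:", assess(read_text(CPUINFO), read_text(RNG_CURRENT)))
    print("sample with RNG:", assess(SAMPLE_CPUINFO_WITH_RNG, "none\n"))
    print("sample without:", assess(SAMPLE_CPUINFO_WITHOUT_RNG, "none\n"))
```
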


From nobody Tue Mar 21 11:21:10 2017
Return-Path: <rjh@sixdemonbag.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF09C127BA3 for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 11:21:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0KR5s5x4836V for <openpgp@ietfa.amsl.com>; Tue, 21 Mar 2017 11:21:08 -0700 (PDT)
Received: from shards.monkeyblade.net (shards.monkeyblade.net [184.105.139.130]) by ietfa.amsl.com (Postfix) with ESMTP id E123C129C58 for <openpgp@ietf.org>; Tue, 21 Mar 2017 11:21:07 -0700 (PDT)
Received: from WBC109C4 (unknown [4.16.247.2]) (Authenticated sender: rjh-sixdemonbag) by shards.monkeyblade.net (Postfix) with ESMTPSA id 769111231FA51; Tue, 21 Mar 2017 11:21:07 -0700 (PDT)
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
To: <mdb@juniper.net>
Cc: <openpgp@ietf.org>, "'Ryru'" <ryru@addere.ch>
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net> <87pohbm5or.fsf@wheatstone.g10code.de> <78804.1490102455@eng-mail01.juniper.net> <00a901d2a24b$3f1d7df0$bd5879d0$@sixdemonbag.org> <11503.1490111087@eng-mail01.juniper.net> <00c101d2a269$056003d0$10200b70$@sixdemonbag.org> <28290.1490119377@eng-mail01.juniper.net>
In-Reply-To: <28290.1490119377@eng-mail01.juniper.net>
Date: Tue, 21 Mar 2017 14:21:32 -0400
Message-ID: <00c701d2a26f$f833f570$e89be050$@sixdemonbag.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQLaT52vYN+mQSnqjI69yCv6xwS28gK1PiU7Ae1NZksCo0Mv4wHJuHeTAKYHnHcC1Pz9yAJKOEzpnxmYYNA=
Content-Language: en-us
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Tue, 21 Mar 2017 11:21:07 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/FNR9ZONqycDhZ6SlxOva_mWRMiU>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 18:21:10 -0000

> Tell the Linux kernel folks to trust RDSEED or RDRAND instructions...

Oh, good grief.  Here's "a Linux kernel folk" on RDRAND:
https://www.change.org/p/linus-torvalds-remove-rdrand-from-dev-random-4/responses/9066

Don't like RDRAND?  Fine, don't use it.  But please, don't tell me hardware
RNGs are rare or exotic nowadays.  They're not.  On consumer and
server-grade hardware they're as common as dirt, and I'd like it if the
OpenPGP spec reflected that reality.



From nobody Wed Mar 22 01:48:29 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E560B13158A for <openpgp@ietfa.amsl.com>; Wed, 22 Mar 2017 01:48:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3vP71pHG_31b for <openpgp@ietfa.amsl.com>; Wed, 22 Mar 2017 01:48:25 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 635F91315A0 for <openpgp@ietf.org>; Wed, 22 Mar 2017 01:48:09 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1cqbw7-00027H-Ao for <openpgp@ietf.org>; Wed, 22 Mar 2017 09:48:07 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1cqbsC-00069X-FD; Wed, 22 Mar 2017 09:44:04 +0100
From: Werner Koch <wk@gnupg.org>
To: "Mark D. Baushke" <mdb@juniper.net>
Cc: "HANSEN\, TONY L" <tony@att.com>,  "openpgp\@ietf.org" <openpgp@ietf.org>
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net> <56ED3B74-0BA4-4DC2-943E-B1CCD1F32AE2@att.com> <11858.1490111702@eng-mail01.juniper.net>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "Mark D. Baushke" <mdb@juniper.net>, "HANSEN\, TONY L" <tony@att.com>, "openpgp\@ietf.org" <openpgp@ietf.org>
Date: Wed, 22 Mar 2017 09:43:57 +0100
In-Reply-To: <11858.1490111702@eng-mail01.juniper.net> (Mark D. Baushke's message of "Tue, 21 Mar 2017 08:55:02 -0700")
Message-ID: <87h92litv6.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=cybercash_George_W._Bush_Medco_NASA_Dateline_radar_Aldergrove_Elvis="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/xKavux9yGlPbIpcui9urpnuFuOk>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 08:48:27 -0000

--=cybercash_George_W._Bush_Medco_NASA_Dateline_radar_Aldergrove_Elvis=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 21 Mar 2017 16:55, mdb@juniper.net said:

> and we do not yet really need SHA-3. That said, if you want to add
> agility to OpenPGP, you could define SHA3-256 and SHA3-512 code points.
> I see little point in any of the other alternatives.

I added these codepoints to the list of hash algorithms.

      |        12 | SHA3-256 [FIPS202]              | "SHA3-256"   |
      |        13 | Reserved                        |              |
      |        14 | SHA3-512 [FIPS202]              | "SHA3-512"   |

Okay?

I also updated the reference to FIPS documents to the latest versions.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=cybercash_George_W._Bush_Medco_NASA_Dateline_radar_Aldergrove_Elvis=--


From nobody Wed Mar 22 08:08:56 2017
Return-Path: <mdb@juniper.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F1A0129464 for <openpgp@ietfa.amsl.com>; Wed, 22 Mar 2017 08:08:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.922
X-Spam-Level: 
X-Spam-Status: No, score=-1.922 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R3xW0orNsKeX for <openpgp@ietfa.amsl.com>; Wed, 22 Mar 2017 08:08:49 -0700 (PDT)
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-bn3nam01on0091.outbound.protection.outlook.com [104.47.33.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6ECFA129975 for <openpgp@ietf.org>; Wed, 22 Mar 2017 08:00:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=0bEP10jJCTA+cbSMqMOkB0raobo3aExeEwRLyFrsUeA=; b=RPZrrbaA+alnSzOJQSrOmhIUNk18yQCLoqvH9avmHd4p15b7R+EpvGnN5PI5b2OxQuIxrmdYBMNAQCiObCKYeX8iquu6Ln0ctNska4QRZT2iQdAIugBeDvHbylrnZ28SsP1PD9oWfuOLim6BY/Bowt7ys/VusB1jkATRSPZZTnc=
Received: from MWHPR05CA0013.namprd05.prod.outlook.com (10.168.242.151) by CY1PR0501MB1755.namprd05.prod.outlook.com (10.163.140.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4; Wed, 22 Mar 2017 15:00:47 +0000
Received: from BL2FFO11FD035.protection.gbl (2a01:111:f400:7c09::137) by MWHPR05CA0013.outlook.office365.com (2603:10b6:300:59::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4 via Frontend Transport; Wed, 22 Mar 2017 15:00:47 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.18) smtp.mailfrom=juniper.net; att.com; dkim=none (message not signed) header.d=none;att.com; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.18) by BL2FFO11FD035.mail.protection.outlook.com (10.173.161.131) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.977.7 via Frontend Transport; Wed, 22 Mar 2017 15:00:46 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Wed, 22 Mar 2017 08:00:20 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v2MF0J8I009733; Wed, 22 Mar 2017 08:00:19 -0700	(envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1])	by eng-mail01.juniper.net (Postfix) with ESMTP id 9692311454;	Wed, 22 Mar 2017 08:00:02 -0700 (PDT)
To: "HANSEN, TONY L" <tony@att.com>, "openpgp@ietf.org" <openpgp@ietf.org>
In-Reply-To: <87h92litv6.fsf@wheatstone.g10code.de> 
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net> <56ED3B74-0BA4-4DC2-943E-B1CCD1F32AE2@att.com> <11858.1490111702@eng-mail01.juniper.net> <87h92litv6.fsf@wheatstone.g10code.de>
Comments: In-reply-to: Werner Koch <wk@gnupg.org> message dated "Wed, 22 Mar 2017 09:43:57 +0100."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Wed, 22 Mar 2017 08:00:02 -0700
Message-ID: <60459.1490194802@eng-mail01.juniper.net>
Sender: <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Mar 2017 15:00:46.7926 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18];  Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0501MB1755
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/H0RojCB3fFqX0wuMjG36Sm4Mhns>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 15:08:50 -0000

Werner Koch <wk@gnupg.org> writes:

> On Tue, 21 Mar 2017 16:55, mdb@juniper.net said:
> 
> > and we do not yet really need SHA-3. That said, if you want to add
> > agility to OpenPGP, you could define SHA3-256 and SHA3-512 code points.
> > I see little point in any of the other alternatives.
> 
> I added these codepoints to the list of hash algorithms.
> 
>       |        12 | SHA3-256 [FIPS202]              | "SHA3-256"   |
>       |        13 | Reserved                        |              |
>       |        14 | SHA3-512 [FIPS202]              | "SHA3-512"   |
> 
> Okay?

Yeah, this seems reasonable to me. 

I do worry a little bit that we are adding more flexibility than we need
today which could make it more painful for all implementations to
properly interoperate.

> I also updated the reference to FIPS documents to the latest versions.

Okay.

	-- Mark


From nobody Wed Mar 22 11:43:14 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8263F129BE6 for <openpgp@ietfa.amsl.com>; Wed, 22 Mar 2017 11:43:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w_TFePBFKFWu for <openpgp@ietfa.amsl.com>; Wed, 22 Mar 2017 11:43:10 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8ECA6129BCB for <openpgp@ietf.org>; Wed, 22 Mar 2017 11:43:10 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1cqlDw-0003DH-7Q for <openpgp@ietf.org>; Wed, 22 Mar 2017 19:43:08 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1cqlAW-0006QT-Al; Wed, 22 Mar 2017 19:39:36 +0100
From: Werner Koch <wk@gnupg.org>
To: "Mark D. Baushke" <mdb@juniper.net>
Cc: "HANSEN\, TONY L" <tony@att.com>,  "openpgp\@ietf.org" <openpgp@ietf.org>
References: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch> <52027.1490051694@eng-mail01.juniper.net> <56ED3B74-0BA4-4DC2-943E-B1CCD1F32AE2@att.com> <11858.1490111702@eng-mail01.juniper.net> <87h92litv6.fsf@wheatstone.g10code.de> <60459.1490194802@eng-mail01.juniper.net>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "Mark D. Baushke" <mdb@juniper.net>, "HANSEN\, TONY L" <tony@att.com>, "openpgp\@ietf.org" <openpgp@ietf.org>
Date: Wed, 22 Mar 2017 19:39:35 +0100
In-Reply-To: <60459.1490194802@eng-mail01.juniper.net> (Mark D. Baushke's message of "Wed, 22 Mar 2017 08:00:02 -0700")
Message-ID: <87zigdnok8.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=clandestine_Ansar_al-Islam_quarter_ASO_strategic_Adriatic_Defcon_PLO"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ktcbp2F-NZoEaVJLvYgXoABrklQ>
Subject: Re: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 18:43:12 -0000

--=clandestine_Ansar_al-Islam_quarter_ASO_strategic_Adriatic_Defcon_PLO
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 22 Mar 2017 16:00, mdb@juniper.net said:

> I do worry a little bit that we are adding more flexibility than we need
> today which could make it more painful for all implementations to
> properly interoperate.

I can understand that.  But for sure people will ask for those algo ids
and eventually the IETF will assign them anyway.  Thus we save
discussion here in the WG and move that to the implementers which now
need to explain why they do not want to support SHA3.

Interoperability is only an issue for signed-only documents because for
encryption we use the preference system.  These problems are not much
different than the status quo.

I won't insist on having the SHA3 code points, though.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=clandestine_Ansar_al-Islam_quarter_ASO_strategic_Adriatic_Defcon_PLO--
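
The interoperability point in the message above, as an added example (not code from the thread, from GnuPG or from the draft): with recipient keys the signer can intersect their hash preferences, while a signed-only document has nobody to ask. The names pick_hash and hash_step, the preference lists and the two verifier profiles are constructed for illustration, and only the hashing step of verification is modelled.

```python
import hashlib

# OpenPGP hash algorithm IDs -> (text name, hashlib name).
# IDs 1-11 are the RFC 4880 registry; 12-14 are the code points quoted in the thread.
HASH_REGISTRY = {
    1: ("MD5", "md5"),
    2: ("SHA1", "sha1"),
    3: ("RIPEMD160", None),       # hashlib support varies by build; left unmapped here
    8: ("SHA256", "sha256"),
    9: ("SHA384", "sha384"),
    10: ("SHA512", "sha512"),
    11: ("SHA224", "sha224"),
    12: ("SHA3-256", "sha3_256"),
    13: (None, None),             # Reserved in the proposal
    14: ("SHA3-512", "sha3_512"),
}

# Constructed profiles (assumptions, not taken from any real implementation).
SIGNER_ORDER = [12, 10, 8]            # signer's own order of preference
RFC4880_ONLY = {2, 8, 9, 10, 11}      # verifier that never added SHA-3
WITH_SHA3 = RFC4880_ONLY | {12, 14}   # verifier that implements the new IDs


def pick_hash(signer_order, recipient_prefs):
    """Return the first ID in signer_order that every recipient key lists.

    recipient_prefs holds one preferred-hash list per recipient key. For a
    signed-only document it is empty, so the signer's first choice wins
    unchecked. Returns None when the recipients share no acceptable ID.
    """
    for algo in signer_order:
        if all(algo in prefs for prefs in recipient_prefs):
            return algo
    return None


def hash_step(algo_id, data, supported):
    """Hashing step of signature verification: returns (status, digest)."""
    _name, impl = HASH_REGISTRY.get(algo_id, (None, None))
    if algo_id not in supported or impl is None:
        return "unsupported-hash", None
    return "ok", hashlib.new(impl, data).digest()


def scenario():
    data = b"constructed release notes\n"   # constructed sample input
    # Signed and encrypted: both recipient keys advertise preferences.
    negotiated = pick_hash(SIGNER_ORDER, [[10, 8], [8, 10, 12]])
    # Signed-only: no recipient keys, so nothing constrains the signer.
    unilateral = pick_hash(SIGNER_ORDER, [])
    return {
        "negotiated_id": negotiated,
        "signed_only_id": unilateral,
        "old_verifier_negotiated": hash_step(negotiated, data, RFC4880_ONLY)[0],
        "old_verifier_signed_only": hash_step(unilateral, data, RFC4880_ONLY)[0],
        "new_verifier_signed_only": hash_step(unilateral, data, WITH_SHA3)[0],
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```
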


From nobody Thu Mar 23 00:58:14 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58B021317D0 for <openpgp@ietfa.amsl.com>; Thu, 23 Mar 2017 00:58:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LtS-0wMeKCM1 for <openpgp@ietfa.amsl.com>; Thu, 23 Mar 2017 00:58:10 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C7F31317C0 for <openpgp@ietf.org>; Thu, 23 Mar 2017 00:58:10 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1cqxdI-00041j-7H for <openpgp@ietf.org>; Thu, 23 Mar 2017 08:58:08 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1cqxYR-0007Xh-UK for <openpgp@ietf.org>; Thu, 23 Mar 2017 08:53:07 +0100
From: Werner Koch <wk@gnupg.org>
To: openpgp@ietf.org
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: openpgp@ietf.org
Date: Thu, 23 Mar 2017 08:53:07 +0100
Message-ID: <8737e4o2e4.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=threat_government_csim_Fedayeen_strategic_MIT-LL_Clinton_passwd_SWAT"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/VnA0s6EnabtJBrp4-kSdmvIWtik>
Subject: [openpgp] Summary v5 fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Mar 2017 07:58:13 -0000

--=threat_government_csim_Fedayeen_strategic_MIT-LL_Clinton_passwd_SWAT
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi!

I try to summarize the positions on the v5 fingerprint proposal:

In favor of SHA-512 truncated to 200 bits:

  - Thijs: Not a strong preference, though.

  - Jon: Speed of fingerprint computing doesn't matter.  SHA-512 is more
         future proof.

In favor of SHA-256 truncated to 200 bits:

  - Vincent: Even wants to truncate to 160 bits.

  - Derek: Better for small systems.  He gave numbers and showed that
           for fingerprints SHA-256 is even faster on systems where
           SHA-512 is in general faster.

  - Peter Gutmann: Better for small systems.

  - Werner: Allows SHA-256 only implementation to support IoST systems.


Other comments:

  - Jon: Use SHA-512/t to have a well defined truncation scheme.

  - Peter Todd: Do not truncate because the saving is not worth using a
                non-standard scheme.

  - Brian: Use SHAKE128 or 256, will be needed anyway if we add
           Curve448.

  - Werner: Using SHA-512 would allow compliant applications in case
            Ed25519 would be a mandatory algorithm.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=threat_government_csim_Fedayeen_strategic_MIT-LL_Clinton_passwd_SWAT--


From nobody Thu Mar 23 04:18:11 2017
Return-Path: <nicholas.cole@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 016E9131589 for <openpgp@ietfa.amsl.com>; Thu, 23 Mar 2017 04:18:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ilX9hNsWvSDm for <openpgp@ietfa.amsl.com>; Thu, 23 Mar 2017 04:18:08 -0700 (PDT)
Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A34D131593 for <openpgp@ietf.org>; Thu, 23 Mar 2017 04:18:08 -0700 (PDT)
Received: by mail-wm0-x236.google.com with SMTP id n11so59690677wma.0 for <openpgp@ietf.org>; Thu, 23 Mar 2017 04:18:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to;  bh=9mE0ikG5UQyiExymuoYWC1Wwb1ZEIaWQ/89swTTpipc=; b=O++PbiTvRpY1Zm6o3unn7p3GoMRZ6ltHS0jw+dMXetiA7qh2R4kKBfhiE+skHJSkVO 6UaZh0PPSh9bg0dcvGtRJh1f1PNPRwSar7aT0msclTGhsHb3airywSysxoc8H/Y16Ofv 06t3CpgHCxwCO9tHdaj1GdiCvvNTG7MzmQacgq3+o4H4l32NkYsNebIEPZFa8a0po5tk JlYCYjSbC5hYDaEs+R35S+CpF7WElbVYCrH7dyIoQR0Jqo7f5TW6PvnxWGM6erVcJ8E6 HmK6cS4P/vtcwhGG4exf55YBs7/hADi2r/h2Ur9W8CElXscz1lE4J3DDT1NI3vxoiPBy CcWQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=9mE0ikG5UQyiExymuoYWC1Wwb1ZEIaWQ/89swTTpipc=; b=TSICs44PONslBT9YuMgtsA3HMih4kbU5VDyC+FqqTomjRQ4Hi2M+6QtXpnmOxyBcF1 YzRNWc0uGdTC69636qKQCqpuqROxL9ZMRdYOpQpmJ3V5nqDLSNd8/aA8qTrcN2Y5s/Em OUr4mkOPl0Z771KgtdoVSu+FK9RwUN4nUz2ISuHtL1ohmIhfrrjy3gbmrnLLsI0V9mbh eOdvIgkZsW/ejV/TT9tsaKafwW0HGasoiGFz0vW2R6PGuZrPJhyXKbxQtyM2zt8ymqDa ntC0PMzvY+E4pHK3JT2p6H0X4UQePX/B+/YEVibvtG6pXAOUHztLKqS5hRsr9o0Km2Vf sp4w==
X-Gm-Message-State: AFeK/H2Xn4nhzHrL6O/DO5vv1cQInRxJGOYS6CTX4fm/7+lMOhlQEnuI0x21glQ4l6gQbH0uX6dLjE5Hzd7HIQ==
X-Received: by 10.28.19.207 with SMTP id 198mr2165715wmt.49.1490267886307; Thu, 23 Mar 2017 04:18:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.128.45 with HTTP; Thu, 23 Mar 2017 04:18:05 -0700 (PDT)
In-Reply-To: <8737e4o2e4.fsf@wheatstone.g10code.de>
References: <8737e4o2e4.fsf@wheatstone.g10code.de>
From: Nicholas Cole <nicholas.cole@gmail.com>
Date: Thu, 23 Mar 2017 11:18:05 +0000
Message-ID: <CAAu18hcEGGaDjKXtXpPbzxKm-8T4PWQBFq6AmbRXLUwi_z=0XQ@mail.gmail.com>
To: "openpgp@ietf.org" <openpgp@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/oW1ZDgikt44qxGGdv3AG7_BsZ_4>
Subject: Re: [openpgp] Summary v5 fingerprint proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Mar 2017 11:18:10 -0000

On Thu, Mar 23, 2017 at 7:53 AM, Werner Koch <wk@gnupg.org> wrote:
> Hi!
>
> I try to summarize the positions on the v5 fingerprint proposal:
>
> In favor of SHA-512 truncated to 200 bits:
>
>   - Thijs: Not a strong preference, though.
>
>   - Jon: Speed of fingerprint computing doesn't matter.  SHA-512 is more
>          future proof.
>
> In favor of SHA-256 truncated to 200 bits:
>
>   - Vincent: Even wants to truncate to 160 bits.
>
>   - Derek: Better for small systems.  He gave numbers and showed that
>            for fingerprints SHA-256 is even faster on systems where
>            SHA-512 is in general faster.
>
>   - Peter Gutmann: Better for small systems.
>
>   - Werner: Allows SHA-256 only implementation to support IoST systems.
>
>
> Other comments:
>
>   - Jon: Use SHA-512/t to have a well defined truncation scheme.
>
>   - Peter Todd: Do not truncate because the saving is not worth using a
>                 non-standard scheme.
>
>   - Brian: Use SHAKE128 or 256, will be needed anyway if we add
>            Curve448.
>
>   - Werner: Using SHA-512 would allow compliant applications in case
>             Ed25519 would be a mandatory algorithm.
>


I'd add this one:

any time a spec does something non-standard it is a lightning rod for
criticism and FUD.  Even if there are good and rational reasons for
doing something else, I'd advocate using a standard hash without
truncating for that reason.

Nicholas


From nobody Thu Mar 23 07:01:48 2017
From: "HANSEN, TONY L" <tony@att.com>
To: "openpgp@ietf.org" <openpgp@ietf.org>
Date: Thu, 23 Mar 2017 14:00:45 +0000
Message-ID: <728801D2-CB96-4584-8A79-C93278B0437F@att.com>
References: <8737e4o2e4.fsf@wheatstone.g10code.de> <CAAu18hcEGGaDjKXtXpPbzxKm-8T4PWQBFq6AmbRXLUwi_z=0XQ@mail.gmail.com>
In-Reply-To: <CAAu18hcEGGaDjKXtXpPbzxKm-8T4PWQBFq6AmbRXLUwi_z=0XQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/XSnexwb2DJFirDDu6x8yazhw5oA>
Subject: Re: [openpgp] Summary v5 fingerprint proposal

On 3/23/17, 7:18 AM, "openpgp on behalf of Nicholas Cole" <openpgp-bounces@ietf.org on behalf of nicholas.cole@gmail.com> wrote:

> On Thu, Mar 23, 2017 at 7:53 AM, Werner Koch <wk@gnupg.org> wrote:
>> Hi!
>>
>> I try to summarize the positions on the v5 fingerprint proposal:
>> . . .
>> In favor of SHA-256 truncated to 200 bits:
>>
>>    - Vincent: Even wants to truncate to 160 bits.
>>
>>    - Derek: Better for small systems.  He gave numbers and showed that
>>             for fingerprints SHA-256 is even faster on systems where
>>             SHA-512 is in general faster.
>> . . .
>> Other comments:
>>
>>   - Jon: Use SHA-512/t to have a well defined truncation scheme.
>>
>>   - Peter Todd: Do not truncate because the saving is not worth using a
>>                 non-standard scheme.
>>
>>   - Brian: Use SHAKE128 or 256, will be needed anyway if we add
>>            Curve448.
>>
>>   - Werner: Using SHA-512 would allow compliant applications in case
>>             Ed25519 would be a mandatory algorithm.
>
> I'd add this one:
>
> any time a spec does something non-standard it is a lightning rod for
> criticism and FUD.  Even if there are good and rational reasons for
> doing something else, I'd advocate using a standard hash without
> truncating for that reason.

I’m with Jon on this one – if you’re going to do truncation, then use
a scheme that’s DESIGNED to generate a truncated value. And the only
one that’s been discussed that meets that criteria is SHA2-512/t.

But I also find Derek’s desire to use SHA2-256 to be compelling
because of performance.

	Tony Hansen


From nobody Thu Mar 23 09:53:19 2017
From: Werner Koch <wk@gnupg.org>
To: "HANSEN\, TONY L" <tony@att.com>
Cc: "openpgp\@ietf.org" <openpgp@ietf.org>
References: <8737e4o2e4.fsf@wheatstone.g10code.de> <CAAu18hcEGGaDjKXtXpPbzxKm-8T4PWQBFq6AmbRXLUwi_z=0XQ@mail.gmail.com> <728801D2-CB96-4584-8A79-C93278B0437F@att.com>
Organisation: The GnuPG Project
Date: Thu, 23 Mar 2017 17:49:21 +0100
In-Reply-To: <728801D2-CB96-4584-8A79-C93278B0437F@att.com> (TONY L. HANSEN's message of "Thu, 23 Mar 2017 14:00:45 +0000")
Message-ID: <87poh8kkfi.fsf@wheatstone.g10code.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/AdlJehCiKPqvzs9v0QZlyTYxHpE>
Subject: Re: [openpgp] Summary v5 fingerprint proposal

On Thu, 23 Mar 2017 15:00, tony@att.com said:

> I’m with Jon on this one – if you’re going to do truncation, then use
> a scheme that’s DESIGNED to generate a truncated value. And the only
> one that’s been discussed that meets that criteria is SHA2-512/t.

OpenPGP has always used a truncated hash for the keyid.  The change is
that with v5 we will use the leftmost 64 bits instead of the
rightmost 64 bits.

I explained in the original proposal the reasons why truncating certain
uses of the fingerprint makes sense.

Jon's suggestion of using SHA2-512/t does not work: if we ever need to
switch to the full fingerprint for the two signature subpackets, we
would need to define a v6 key format because the fingerprint changes by
using a different t with SHA2-512/t.

What we put into the signature subpackets is an abbreviation of the
fingerprint and this can be changed easily by introducing new signature
subpackets.  This would be the same as our migration from the /Issuer/
to the /Issuer Fingerprint/ subpacket.  This is a non-intrusive change
to fix the problems with the use of the 64 bit truncated fingerprint in
the /Issuer/ subpacket.

> But I also find Derek’s desire to use SHA2-256 to be compelling
> because of performance.

Noted.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


From nobody Thu Mar 23 11:55:08 2017
From: Jon Callas <joncallas@icloud.com>
In-reply-to: <87poh8kkfi.fsf@wheatstone.g10code.de>
Date: Thu, 23 Mar 2017 11:55:00 -0700
Cc: Jon Callas <joncallas@icloud.com>, "HANSEN, TONY L" <tony@att.com>, "openpgp@ietf.org" <openpgp@ietf.org>
Message-id: <35F1365E-C728-4925-BFB0-F31A3D8EC8FF@icloud.com>
References: <8737e4o2e4.fsf@wheatstone.g10code.de> <CAAu18hcEGGaDjKXtXpPbzxKm-8T4PWQBFq6AmbRXLUwi_z=0XQ@mail.gmail.com> <728801D2-CB96-4584-8A79-C93278B0437F@att.com> <87poh8kkfi.fsf@wheatstone.g10code.de>
To: Werner Koch <wk@gnupg.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/E0qV7P4PAm75hyQ9SbLeC6bBoKg>
Subject: Re: [openpgp] Summary v5 fingerprint proposal

> On Mar 23, 2017, at 9:49 AM, Werner Koch <wk@gnupg.org> wrote:
>
> On Thu, 23 Mar 2017 15:00, tony@att.com said:
>
>> I’m with Jon on this one – if you’re going to do truncation, then use
>> a scheme that’s DESIGNED to generate a truncated value. And the only
>> one that’s been discussed that meets that criteria is SHA2-512/t.
>
> OpenPGP has always used a truncated hash for the keyid.  The change is
> that with v5 we will use the leftmost 64 bits instead of the
> rightmost 64 bits.
>
> I explained in the original proposal the reasons why truncating certain
> uses of the fingerprint makes sense.

I don't have any objection to truncating the fingerprint to get the
KeyID. The KeyID is merely a database key (as in key-value, not
crypto) and has no security value. Implementations already need to
consider the possibility that there could be a collision in the KeyID.

>
> Jon's suggestion of using SHA2-512/t does not work: if we ever need to
> switch to the full fingerprint for the two signature subpackets, we
> would need to define a v6 key format because the fingerprint changes by
> using a different t with SHA2-512/t.

You don't need a new format, you'd just specify the new fingerprint.
You can consider SHA512/t to be a family of hashes of output 't'.

If you're mentioning using SHA512/64 for a key id — no, no, that's
just unnecessary.

>
> What we put into the signature subpackets is an abbreviation of the
> fingerprint and this can be changed easily by introducing new signature
> subpackets.  This would be the same as our migration from the /Issuer/
> to the /Issuer Fingerprint/ subpacket.  This is a non-intrusive change
> to fix the problems with the use of the 64 bit truncated fingerprint in
> the /Issuer/ subpacket.
>
>> But I also find Derek’s desire to use SHA2-256 to be compelling
>> because of performance.
>
> Noted.

For the record, I don't object to using SHA-256. I observe that there
are a set of cases where someone finds problems in SHA2 that would have
a longer runway for replacement if we're using SHA-512, and *that* is
either a bug or a feature since arguably once someone finds some actual
problem in SHA-256 (e.g. of the sort that has plagued SHA-1 since 2004),
that should be the event that leads to tossing all of SHA2.

I also observe that the performance issue is real, but hardly fatal —
small devices will be with us always and fingerprints can be computed
once and cached no matter what. This is why I didn't bring up the
counter-argument which is that ARM64 is already sub- one euro per core.

The real reason to use a wider hash is that every time we've compromised
on security for the sake of small devices, it bites us in the ass. This
will also bite us in the ass. It's a small bite in the grand scheme of
things, but it's going to happen and it will be inconvenient.

Do we have a meta-strategy for an upgrade? For example, if we know that
you'd pick whatever hash at that time the cool kids recommend, change a
couple of parameters (like simply bump the key version to v6 and go),
that could be a recommendation in the RFC.

	Jon







From nobody Thu Mar 23 12:23:19 2017
From: Werner Koch <wk@gnupg.org>
To: Jon Callas <joncallas@icloud.com>
Cc: "openpgp\@ietf.org" <openpgp@ietf.org>,  "HANSEN\, TONY L" <tony@att.com>
References: <8737e4o2e4.fsf@wheatstone.g10code.de> <CAAu18hcEGGaDjKXtXpPbzxKm-8T4PWQBFq6AmbRXLUwi_z=0XQ@mail.gmail.com> <728801D2-CB96-4584-8A79-C93278B0437F@att.com> <87poh8kkfi.fsf@wheatstone.g10code.de> <35F1365E-C728-4925-BFB0-F31A3D8EC8FF@icloud.com>
Organisation: The GnuPG Project
Date: Thu, 23 Mar 2017 20:16:50 +0100
In-Reply-To: <35F1365E-C728-4925-BFB0-F31A3D8EC8FF@icloud.com> (Jon Callas's message of "Thu, 23 Mar 2017 11:55:00 -0700")
Message-ID: <87wpbfiz19.fsf@wheatstone.g10code.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/TA7Gz4uCIaTFdQyJ3MAx3eiechc>
Subject: Re: [openpgp] Summary v5 fingerprint proposal

On Thu, 23 Mar 2017 19:55, joncallas@icloud.com said:

> I don't have any objection to truncating the fingerprint to get the
> KeyID. The KeyID is merely a database key (as in key-value, not
> crypto) and has no security value. Implementations already need to
> consider the possibility that there could be a collision in the KeyID.

Okay, let us split the discussion between crypto use and mere database
lookup:

  * Revocation key and Issuer Fingerprint:

    - For a V5 key the 25 leftmost octets are used.

The /Revocation key/ is sensitive in that a preimage attack can be used
to revoke a key.  That is mostly a DOS and thus not really dangerous.
However, I am fine with using the full hash here.

The /Issuer Fingerprint/ is a key to a database to retrieve the key for
verification of signatures.  Thus it does not even need 200 bits but we
could also simply keep it at 160 without problems.  We could also let
the sender decide how long the /Issuer Fingerprint/ shall be.
But a fixed length makes the implementation easier.  I decided on 200
bits to match the probably used human readable format of the
fingerprint.

> You don't need a new format, you'd just specify the new
> fingerprint. You can consider SHA512/t to be a family of hashes of
> output 't'.

I was under the impression that we already agreed that there shall be
only one fingerprint scheme per key.

> Do we have a meta-strategy for an upgrade? For example, if we know
> that you'd pick whatever hash at that time the cool kids recommend,
> change a couple of parameters (like simply bump the key version to v6
> and go), that could be a recommendation in the RFC.

I think this is a good suggestion.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


From nobody Thu Mar 23 12:58:28 2017
Date: Thu, 23 Mar 2017 20:58:18 +0100
From: Vincent Breitmoser <look@my.amazin.horse>
To: Jon Callas <joncallas@icloud.com>
Cc: Werner Koch <wk@gnupg.org>, "openpgp@ietf.org" <openpgp@ietf.org>, "HANSEN, TONY L" <tony@att.com>
Message-ID: <20170323195818.l3trinds446zjsj2@calamity>
References: <8737e4o2e4.fsf@wheatstone.g10code.de> <CAAu18hcEGGaDjKXtXpPbzxKm-8T4PWQBFq6AmbRXLUwi_z=0XQ@mail.gmail.com> <728801D2-CB96-4584-8A79-C93278B0437F@att.com> <87poh8kkfi.fsf@wheatstone.g10code.de> <35F1365E-C728-4925-BFB0-F31A3D8EC8FF@icloud.com>
In-Reply-To: <35F1365E-C728-4925-BFB0-F31A3D8EC8FF@icloud.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/46omB-rrgs0f7NbxUQLQrSzFUQo>
Subject: Re: [openpgp] Summary v5 fingerprint proposal

Jon Callas(joncallas@icloud.com)@Thu, Mar 23, 2017 at 11:55:00AM -0700:
> The real reason to use a wider hash is that every time we've
> compromised on security for the sake of small devices, it bites us in
> the ass. This will also bite us in the ass. It's a small bite in the
> grand scheme of things, but it's going to happen and it will be
> inconvenient.

Is your point that we should use *more* than 256 bits for an identifier
that doesn't even need preimage resistance?

There are four use cases for such an identifier:

 - provide a reference to a key in signatures. note that this is not a
   cryptographic purpose, since the actual signatures are calculated
   over the entire key. we have been using 64 bit key ids for this
   purpose so far.

 - show to humans to have them verify two keys are identical. by
   definition, we trust the person showing this fingerprint, which
   renders collision a pointless attack scenario.

 - use as a handle for a designated revoker. assuming there is a
   collision, either colliding key could be used for revocation. since
   those would both be generated by an attacker in either case, there's
   no issue.

 - use as a handle for obtaining (downloading / updating) a key. a
   keyserver (or equivalent) could equivocate here, but *only* if they
   control the looked-up fingerprint in the first place, or at least
   generated the (colliding) key.

Am I missing a use case? Even including a ton of security margin, 256
bits already seems way overkill to me for any of those purposes.

 - V

