Best Practices

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Dec 13 18:23:16 CET 2010


On 12/13/2010 11:16 AM, David Shaw wrote:
> it seems to me you are focusing on one specific part of
> the design (the secret key format), forcing it to remain unchanged,

FWIW, i don't particularly care about the secret key packet format.  My
focus in this discussion has been on the certificate format -- that is,
the public primary key packet format and the certifications binding
public primary keys to their User IDs, User Attributes, and subkeys.

Avoiding a systemic change to the certificate format seems like it would
be a Good Thing in that people could participate in a global smooth
transition, without requiring a hard cut-over or a global interruption
of existing networks of identity verification.

> and (presumably) using changes elsewhere to accommodate this fixed
> point in the design (for example, doubled PKESK packets, one for
> each key ID).

Given that the truncated keyid in the PKESK packet is only advisory
material to help the recipient choose which key to use to try to decrypt
(and not of sufficient length to provide cryptographic assurances even
if it was intended to do so), i think this packet could stay as it
currently stands, even if we choose to calculate the human-readable
fingerprint in some other way.

> As I see it, three major things need to happen to get OpenPGP using
> something other than SHA-1:

Wait -- i've been saying all along here that aside from
non-cryptographic uses like the MDC, and the primary key fingerprint
format itself (which is not vulnerable to weakened
collision-resistance), we *can* use OpenPGP with something other than
SHA-1 today.  As far as i understand it, that was the point of building
algorithm flexibility into OpenPGP in the first place.  Do you think
this has failed?

The IETF discussion last year reviewing the OpenPGP spec for use of
SHA-1 didn't turn up anything other than the parts we've been talking
about in this thread, right?

	--dkg
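
The following is an added example, not part of the original message or of GnuPG's code. It follows the RFC 4880 layout: a v4 fingerprint is SHA-1 over the public key packet, the key ID is its low 64 bits, and a version 3 PKESK packet carries only that key ID as a hint. All function names and sample key material are constructed for illustration.

```python
import hashlib
import struct

def v4_fingerprint(pubkey_body: bytes) -> bytes:
    """SHA-1 over 0x99, a 2-octet length, then the v4 public key packet body."""
    if pubkey_body[:1] != b"\x04":
        raise ValueError("not a version 4 public key packet body")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body).digest()

def key_id(fingerprint: bytes) -> bytes:
    """The 64-bit key ID is the low-order 8 octets of the v4 fingerprint."""
    return fingerprint[-8:]

def pkesk_key_id(pkesk_body: bytes) -> bytes:
    """Version 3 PKESK body: version(1) | key ID(8) | pubkey algorithm(1) | MPIs."""
    if len(pkesk_body) < 10 or pkesk_body[0] != 3:
        raise ValueError("not a version 3 PKESK packet body")
    return pkesk_body[1:9]

def candidate_keys(pkesk_body: bytes, keyring: list) -> list:
    """Fingerprints of keys worth trying for decryption. The key ID only narrows
    the search: all zeros is a wildcard, and a match carries no cryptographic
    assurance, so decryption itself remains the real test."""
    wanted = pkesk_key_id(pkesk_body)
    fprs = [v4_fingerprint(body) for body in keyring]
    if wanted == bytes(8):
        return fprs
    return [f for f in fprs if key_id(f) == wanted]

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit count, then big-endian value."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def sample_rsa_key_body(created: int, n: int, e: int = 65537) -> bytes:
    """Constructed sample: version 4, creation time, algorithm 1 (RSA), MPIs n, e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

# Constructed sample data (toy moduli, not real keys or real ciphertext).
KEYRING = [sample_rsa_key_body(1292260996, 0xC0FFEE11 * 2**32 + 1),
           sample_rsa_key_body(1292260997, 0xDEADBEEF * 2**32 + 3)]
TARGET_FPR = v4_fingerprint(KEYRING[1])
PKESK = b"\x03" + key_id(TARGET_FPR) + b"\x01" + mpi(0x1234)
WILDCARD_PKESK = b"\x03" + bytes(8) + b"\x01" + mpi(0x1234)

if __name__ == "__main__":
    print("fingerprint:", TARGET_FPR.hex().upper())
    print("key ID     :", key_id(TARGET_FPR).hex().upper())
    print("candidates :", [f.hex() for f in candidate_keys(PKESK, KEYRING)])
```
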


More information about the Gnupg-users mailing list