Librepgp-01

Werner Koch wk at gnupg.org
Fri Jun 21 09:39:50 CEST 2024


Hi!

On Thu, 20 Jun 2024 23:44, Andrew Gallagher said:

>> 5.2.3.17. Revocation Key
>> (1 octet of class, 1 octet of public-key algorithm ID, 20 or 32
>> octets of fingerprint)

> This appears to have been changed between rfc4880bis-10 and
> librepgp-00, to introduce the “extended 32 octet v4 fingerprint”,
> which is undefined elsewhere in the draft (that I can see). I only

This was intended as a preparation for the future.  Looking at the
source of the I-D you see:

  <!-- FIXME: Does the 0x20 class really makes sense?  We can use it -->
  <!-- only as a second subpacket because the extended fingerprint does -->
  <!-- not allow to find the key.  What would the attack model be? -->
  V4 keys use the full 20 octet fingerprint; V4 keys with the class
  octet bit 0x20 set use the extended 32 octet v4 fingerprint; V5 keys
  use the full 32 octet fingerprint.
  
  Authorizes the specified key to issue revocation signatures for this
  key.  Class octet must have bit 0x80 set.  If the bit 0x40 is set,
  then this means that the revocation information is sensitive.  Bit
  0x20 is used as described above.  Other bits are for future expansion

Thuus it is up for discussion.  The problem here are policy rules which
might eventually ban revocations done with a SHA-1 key.  Such a feature
could be used to sidestep such a policy - you would compare the key also
to the extended fingerprint before accepting a revocation.

The whole thing came up with Kleopatra style groups which lists
fingerprints.  Here it would theoretically be possible to slip in a
faked key by its SHA-1 fingerprint and thus allow a nth-party access to
data encrypted to such a group.  Whether this is really required for a
revocation is questionable.


Salam-Shalom,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://librepgp.org/pipermail/librepgp-discuss/attachments/20240621/545b4258/attachment.sig>


More information about the LibrePGP-discuss mailing list