[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [openpgp] New fingerprint: to v5 or not to v5

ianG <iang@xxxxxxxx> writes:

> Hi Werner,
> On 17/09/2015 19:41 pm, Werner Koch wrote:
>> I'd like to get opinions on one specific aspect of a new fingerprint
>> format in 4880bis.
>> In the past we bound the fingerprint format to the key packet version:
>> v3 keys used MD5 and v4 keys SHA-1 fingerprints.  This gained us the
>> benefit of having a bijective connection between fingerprint and key.
> I'm hugely on that side.  I'll always vote for that.  I even staked my
> rep on it :)
> http://iang.org/ssl/h1_the_one_true_cipher_suite.html
> Which came directly from the experience of hacking PGP & OpenPGP in
> Perl/Java as part of Cryptix.  The tears, the fears, the costs.
> So:  the only choice for me is which hash you pick for v5.  If you
> want another one, start planning for v6.


I believe sub-negotiating in security protocol leads to obscure problems
and makes security evaluation harder.  If we can avoid that, and that
appears to be the case, I'm all for it.

Regarding which hash to use, SHA-256 is probably the simplest choice
From a practicallity and consensus point of view.  Are there any strong
reasons to favor something else?

What would be the relevant options be anyway?  SHA-256, BLAKE2,
SHA3-256, SHA-512, CubeHash?  Would there be value in being able to use
variable length SHAKE variants?


Attachment: signature.asc
Description: PGP signature

openpgp mailing list