From owner-ietf-openpgp@mail.imc.org  Wed May 11 00:00:54 2005
Date: Tue, 10 May 2005 23:43:19 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Critical bits and notations
Message-ID: <20050511034319.GA24832@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Here's an odd corner case, one that I'd be grateful for some thoughts
on: what does the critical bit mean in the context of a signature
notation?  Does the critical bit refer to support of the notation
subpacket in general, or to the specific notation given in the
critical notation subpacket?

For example, take an implementation that can read notations, and
specifically understands and acts on the "foo" notation.  Given that,
it's very clear that this implementation should accept a critical
notation "foo=1".  Now try a critical notation of "bar=2".  Should the
implementation accept it because it knows what a notation is, and
implements notations, or should it reject it because it doesn't know
what the specific "bar" notation is?

The draft has this to say on the subject of critical bits for
signature subpackets:

   Bit 7 of the subpacket type is the "critical" bit.  If set, it
   denotes that the subpacket is one that is critical for the
   evaluator of the signature to recognize.  If a subpacket is
   encountered that is marked critical but is unknown to the
   evaluating software, the evaluator SHOULD consider the signature to
   be in error.

   An evaluator may "recognize" a subpacket, but not implement it. The
   purpose of the critical bit is to allow the signer to tell an
   evaluator that it would prefer a new, unknown feature to generate
   an error than be ignored.

According to this, it would seem that a critical bit on a notation
would seem to refer to support for the notation subpacket
(i.e. notations in general).  However, this seems a bit less useful
than it could be, since the main idea of notations is to be able to
add interesting things to the standard later.  A critical bit that
applied to the specific notation seems more useful.

How does human-readable fit into this - if a notation is human
readable, is it sufficient to display the notation to a human to say
that it is "recognized"?

David



From owner-ietf-openpgp@mail.imc.org  Wed May 11 00:40:22 2005
To: dshaw@jabberwocky.com, ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
Message-Id: <20050511042836.91ACA57EE6@finney.org>
Date: Tue, 10 May 2005 21:28:36 -0700 (PDT)
From: hal@finney.org ("Hal Finney")


In my opinion, the critical bit on a notation packet should mean
that the implementation needs to recognize that particular notation,
not just notation packets in general.  Otherwise we would have no way
of expressing the requirement that the particular notation packet be
understood.

I also wouldn't say that human-readable means that it is enough to display
it.  My interpretation of human-readable is that it is OK to display it
to a person, i.e. that the data is in UTF-8, but not that displaying it
to a person is sufficient to claim full support of the packet.

Hal Finney



From owner-ietf-openpgp@mail.imc.org  Wed May 11 06:44:47 2005
To: hal@finney.org ("Hal Finney")
Cc: dshaw@jabberwocky.com, ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
References: <20050511042836.91ACA57EE6@finney.org>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Wed, 11 May 2005 09:17:26 +0200
In-Reply-To: <20050511042836.91ACA57EE6@finney.org> (Hal Finney's message of
 "Tue, 10 May 2005 21:28:36 -0700 (PDT)")
Message-ID: <87psvymdtl.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii


On Tue, 10 May 2005 21:28:36 -0700 (PDT), "Hal Finney" said:

> In my opinion, the critical bit on a notation packet should mean
> that the implementation needs to recognize that particular notation,
> not just notation packets in general.  Otherwise we would have no way

I agree.  This matches the way the critical flag of CMS' extended
attributes is used.


Shalom-Salam,

   Werner



From owner-ietf-openpgp@mail.imc.org  Wed May 11 10:45:11 2005
Message-ID: <42821519.6070402@hobthross.com>
Date: Wed, 11 May 2005 15:22:17 +0100
From: Rachel Willmer <rachel@hobthross.com>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050404)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: minor comments on draft-ietf-openpgp-rfc2440bis-12.txt
X-Enigmail-Version: 0.90.2.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 11 May 2005 14:22:58.0606 (UTC) FILETIME=[EE4A44E0:01C55634]


Minor nitpicks:

1/ 5.2.3.23 "Reason for revocation"

"superceded" should be "superseded"

2/ Sections 5.2.3.8 and 5.2.3.9 both reference algorithm lists in
section 6, which is currently the section entitled "Radix-64
conversions". I suspect the reference should be to Section 9.

Rachel



From owner-ietf-openpgp@mail.imc.org  Wed May 11 11:00:55 2005
Date: Wed, 11 May 2005 10:35:36 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
Message-ID: <20050511143536.GA27860@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050511042836.91ACA57EE6@finney.org> <87psvymdtl.fsf@wheatstone.g10code.de> <20050511042836.91ACA57EE6@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87psvymdtl.fsf@wheatstone.g10code.de> <20050511042836.91ACA57EE6@finney.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i


On Tue, May 10, 2005 at 09:28:36PM -0700, "Hal Finney" wrote:
> 
> In my opinion, the critical bit on a notation packet should mean
> that the implementation needs to recognize that particular notation,
> not just notation packets in general.  Otherwise we would have no way
> of expressing the requirement that the particular notation packet be
> understood.

That makes good sense, and I agree.  However, the text in the draft
doesn't exactly say this (and rather implies the opposite).

I suggest adding this sentence (or similar) to the end of section
5.2.3.16. Notation Data:

  When used on a notation subpacket, the critical bit refers to that
  particular notation, and not to notation subpackets in general.

David



From owner-ietf-openpgp@mail.imc.org  Wed May 11 17:38:36 2005
Date: Wed, 11 May 2005 17:25:28 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Tag 11 unclear
Message-ID: <20050511212528.GA28377@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050426190223.2DA7B57EE7@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050426190223.2DA7B57EE7@finney.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i


On Tue, Apr 26, 2005 at 12:02:23PM -0700, "Hal Finney" wrote:
> We might also want to note here that literal packet headers are not
> signed, unless the literal packet is first wrapped in another packet
> such as a compressed packet.  Only the body of a literal packet is
> signed in a message which consists of sig-packet, literal-packet.
> (Or sig1-packet, literal-packet, sig-packet)

What about (onepass, literal, literal, literal, sig) ?  Treat as the
multiple literal bodies concatenated together?

David



From owner-ietf-openpgp@mail.imc.org  Wed May 11 18:01:49 2005
To: ietf-openpgp@imc.org
Subject: Re: Tag 11 unclear
Message-Id: <20050511215133.93CDC57E8C@finney.org>
Date: Wed, 11 May 2005 14:51:33 -0700 (PDT)
From: hal@finney.org ("Hal Finney")


David Shaw writes:
> What about (onepass, literal, literal, literal, sig) ?  Treat as the
> multiple literal bodies concatenated together?

I don't think we should allow this.  There are too many potentials
for mischief due to the absence of boundary information feeding into
the signature.

Hal



From owner-ietf-openpgp@mail.imc.org  Wed May 11 18:25:26 2005
Date: Wed, 11 May 2005 18:09:01 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Tag 11 unclear
Message-ID: <20050511220901.GC28377@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050511215133.93CDC57E8C@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050511215133.93CDC57E8C@finney.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i


On Wed, May 11, 2005 at 02:51:33PM -0700, "Hal Finney" wrote:
> 
> David Shaw writes:
> > What about (onepass, literal, literal, literal, sig) ?  Treat as the
> > multiple literal bodies concatenated together?
> 
> I don't think we should allow this.  There are too many potentials
> for mischief due to the absence of boundary information feeding into
> the signature.

Note that this is currently legal syntax in the grammar.

(I actually suggested the run-of-literal-packets grammar change to
resolve a problem elsewhere in the document, but that doesn't mean I
was right).

David



From owner-ietf-openpgp@mail.imc.org  Wed May 11 19:54:59 2005
In-Reply-To: <42821519.6070402@hobthross.com>
References: <42821519.6070402@hobthross.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <bb72d548fc4b509458b779f67c3fafa7@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: minor comments on draft-ietf-openpgp-rfc2440bis-12.txt
Date: Wed, 11 May 2005 16:42:45 -0700
To: Rachel Willmer <rachel@hobthross.com>
X-Mailer: Apple Mail (2.622)



On 11 May 2005, at 7:22 AM, Rachel Willmer wrote:

>
> Minor nitpicks:
>
> 1/ 5.2.3.23 "Reason for revocation"
>
> "superceded" should be "superseded"

Done. Both occurrences.

>
> 2/ Sections 5.2.3.8 and 5.2.3.9 both reference algorithm lists in
> section 6, which is currently the section entitled "Radix-64
> conversions". I suspect the reference should be to Section 9.
>

Done.

	Jon



From owner-ietf-openpgp@mail.imc.org  Wed May 11 20:07:03 2005
In-Reply-To: <20050511143536.GA27860@jabberwocky.com>
References: <20050511042836.91ACA57EE6@finney.org> <87psvymdtl.fsf@wheatstone.g10code.de> <20050511042836.91ACA57EE6@finney.org> <20050511143536.GA27860@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <7aa4a188ebe94c0c678f4f81c446ef7f@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Critical bits and notations
Date: Wed, 11 May 2005 16:54:01 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.622)



On 11 May 2005, at 7:35 AM, David Shaw wrote:

>
> On Tue, May 10, 2005 at 09:28:36PM -0700, "Hal Finney" wrote:
>>
>> In my opinion, the critical bit on a notation packet should mean
>> that the implementation needs to recognize that particular notation,
>> not just notation packets in general.  Otherwise we would have no way
>> of expressing the requirement that the particular notation packet be
>> understood.
>
> That makes good sense, and I agree.  However, the text in the draft
> doesn't exactly say this (and rather implies the opposite).
>

I agree with Hal. I don't think that the text in the draft implies the 
opposite, however. Here's a quote:

    ... The
    purpose of the critical bit is to allow the signer to tell an
    evaluator that it would prefer a new, unknown feature to generate an
    error than be ignored.

This says to me that if you see a notation you don't understand, you 
should error out.

Notations are our extension mechanism. It strikes me as perverse to 
think that you only have to know the general concept of extensions and 
not the specific extension.

> I suggest adding this sentence (or similar) to the end of section
> 5.2.3.16. Notation Data:
>
>   When used on a notation subpacket, the critical bit refers to that
>   particular notation, and not to notation subpackets in general.

I put in:

    If there is a critical notation, the criticality applies to that
    specific notation and not to notations in general.

but I'll bet you a beer someone finds a creative way to misinterpret 
this.

	Jon
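
[Added example, not part of any message in this thread and not code from
the draft or from any implementation discussed here.  It evaluates a
signature subpacket area under both readings of the critical bit debated
above.  The Notation Data type number (20), the flag/length layout and the
length encodings follow the OpenPGP specification rather than text quoted
in the thread; the KNOWN_* sets and all sample data are hypothetical.]

```python
import struct

CRITICAL_BIT = 0x80      # bit 7 of the subpacket type octet
NOTATION_DATA = 20       # Notation Data subpacket type (from the spec)
HUMAN_READABLE = 0x80    # first notation flag octet: value is text

# Hypothetical evaluator: subpacket types it implements, and the notation
# names it understands and acts on ("foo", as in the thread's example).
KNOWN_SUBPACKET_TYPES = {2, 16, NOTATION_DATA}
KNOWN_NOTATIONS = {"foo"}


def subpacket(sp_type, body, critical=False):
    """Encode one subpacket (one-octet length form only; samples are short)."""
    length = 1 + len(body)                 # the length counts the type octet
    if length >= 192:
        raise ValueError("sample builder only handles short subpackets")
    return bytes([length, sp_type | (CRITICAL_BIT if critical else 0)]) + body


def notation(name, value, critical=False, human=True):
    """Encode Notation Data: flags, name length, value length, name, value."""
    n, v = name.encode("utf-8"), value.encode("utf-8")
    flags = bytes([HUMAN_READABLE if human else 0, 0, 0, 0])
    body = flags + struct.pack(">HH", len(n), len(v)) + n + v
    return subpacket(NOTATION_DATA, body, critical)


def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                                   # one-octet length
            length, i = first, i + 1
        elif first < 255 and i + 2 <= len(area):          # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        elif first == 255 and i + 5 <= len(area):         # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        else:
            raise ValueError("truncated subpacket length")
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, bool(area[i] & CRITICAL_BIT), area[i + 1:i + length]
        i += length


def parse_notation(body):
    """Return (name, value, human_readable) from a Notation Data body."""
    if len(body) < 8:
        raise ValueError("notation body too short")
    name_len, value_len = struct.unpack(">HH", body[4:8])
    if 8 + name_len + value_len != len(body):
        raise ValueError("notation lengths do not match body")
    name = body[8:8 + name_len].decode("utf-8")
    return name, body[8 + name_len:], bool(body[0] & HUMAN_READABLE)


def evaluate(area, per_notation=True):
    """Return (accepted, reasons) for a subpacket area.

    per_notation=True  : a critical notation must be one this evaluator knows
                         (the reading the thread settles on).
    per_notation=False : knowing the Notation Data subpacket type is enough
                         (the other reading of the draft text).
    """
    reasons = []
    for sp_type, critical, body in iter_subpackets(area):
        if not critical:
            continue                   # unknown non-critical data is ignored
        if sp_type not in KNOWN_SUBPACKET_TYPES:
            reasons.append(f"unknown critical subpacket type {sp_type}")
        elif sp_type == NOTATION_DATA and per_notation:
            name, _value, human = parse_notation(body)
            # Being displayable (human-readable) does not count as recognized.
            if name not in KNOWN_NOTATIONS:
                reasons.append(
                    f"unknown critical notation {name!r} (human-readable={human})")
    return (not reasons, reasons)


# Constructed sample subpacket areas.
FOO_CRITICAL = notation("foo", "1", critical=True)
BAR_CRITICAL = notation("bar", "2", critical=True)
BAR_PLAIN = notation("bar", "2")

if __name__ == "__main__":
    for label, area in [("critical foo=1", FOO_CRITICAL),
                        ("critical bar=2", BAR_CRITICAL),
                        ("plain bar=2", BAR_PLAIN)]:
        print(label, evaluate(area), evaluate(area, per_notation=False))
```

Only the critical "bar=2" case differs between the two readings: it is
rejected per notation and accepted when the bit is read as covering
notations in general.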





From owner-ietf-openpgp@mail.imc.org  Wed May 11 20:31:11 2005
In-Reply-To: <426E7C6E.3070108@algroup.co.uk>
References: <426E7C6E.3070108@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <9f380090fe85d7069d0122598b988a16@callas.org>
Content-Transfer-Encoding: 7bit
Cc: OpenPGP <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Tag 11 unclear
Date: Wed, 11 May 2005 17:19:01 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.622)


>    " - File name as a string (one-octet length, followed by file name),
>        if the encrypted data should be saved as a file."
>
> but no mention of what if it shouldn't be saved as a file. 0 length,
> perhaps?
>

That's what I'd do.

> Then:
>
>    " - A four-octet number that indicates the modification date of the
>        file, or the creation time of the packet, or a zero that
>        indicates the present time."
>
> I would _guess_ that it means modification date of the file if there's
> a filename, the creation time if there isn't. I have no idea what zero
> is supposed to mean. Nothing, would be the obvious interpretation -
> "the present time" is nonsensical.
>

I think that the major problem is that OpenPGP gets used for a lot of 
things, and this is giving latitude, which always means lack of 
clarity. This dates back at least as far as RFC 1991, which says:

    ... Field (d) [labeled previously as "a time field"]
    should be the time at which
    the file was last modified, or the time at which the data packet was
    created, or 0.

Which is even less helpful, as it doesn't tell us about the zero 
option. Unfortunately, this is not only ambiguous, but insufficient.

Let's presume that I've decrypted a packet. If I'm storing that in a 
file, it seems to me that I should take that time field and make it be 
the creation and modification date of the file, or now if it's zero. If 
I'm putting it in a text widget (for example), then obviously I don't 
do anything as the time doesn't really apply.

If I am creating a literal packet, I have several options. One is that 
I take the modification time of the file, assuming it's available. 
Personally, I think if you're transferring files around, you should 
preserve the creation time and the modification time, but I'm fussy 
that way.

The next option that I have is to put the current time in there. The 
reason I might do that is if I think I'm leaking data by doing it, or 
-- whatever. If I don't want to put the modification time of the data 
in the packet, I can put "now" in there.

The last option is that if I don't want to use *my* now, but the 
*recipient's* now, I can put a zero in there.

It's completely up to me to decide for whatever arcane reasons I have 
which of those is the right thing to do.

I added to the end of the paragraph there: "It is up to the creator of 
the packet which of these they use." Does that help?

	Jon



From owner-ietf-openpgp@mail.imc.org  Wed May 11 20:56:50 2005
X-PGP-Universal: processed;
	by keys.merrymeet.com on Wed, 11 May 2005 16:56:12 -0700
In-Reply-To: <426E366B.4030806@algroup.co.uk>
References: <426E366B.4030806@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <faf98f3f58f293de1f0c119338d55671@callas.org>
Content-Transfer-Encoding: 7bit
Cc: OpenPGP <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Editorial Nit
Date: Wed, 11 May 2005 16:56:13 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit



On 26 Apr 2005, at 5:39 AM, Ben Laurie wrote:

>
> 5.2.3.7. Preferred symmetric algorithms
>
>    (sequence of one-octet values)
>
> 5.2.3.8. Preferred hash algorithms
>
>    (array of one-octet values)
>
> It seems these (and others) should all either say "sequence" or 
> "array".
>

I changed them all to "array" for no particular reason other than I 
think I like it better today.

	Jon



From owner-ietf-openpgp@mail.imc.org  Thu May 12 10:43:34 2005
Message-ID: <42836841.5010408@algroup.co.uk>
Date: Thu, 12 May 2005 15:29:21 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Tag 11 unclear
References: <426E7C6E.3070108@algroup.co.uk> <9f380090fe85d7069d0122598b988a16@callas.org>
In-Reply-To: <9f380090fe85d7069d0122598b988a16@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jon Callas wrote:
>>    " - File name as a string (one-octet length, followed by file name),
>>        if the encrypted data should be saved as a file."
>>
>> but no mention of what if it shouldn't be saved as a file. 0 length,
>> perhaps?
>>
> 
> That's what I'd do.
> 
>> Then:
>>
>>    " - A four-octet number that indicates the modification date of the
>>        file, or the creation time of the packet, or a zero that
>>        indicates the present time."
>>
>> I would _guess_ that it means modification date of the file if there's
>> a filename, the creation time if there isn't. I have no idea what zero
>> is supposed to mean. Nothing, would be the obvious interpretation -
>> "the present time" is nonsensical.
>>
> 
> I think that the major problem is that OpenPGP gets used for a lot of 
> things, and this is giving latitude, which always means lack of clarity. 
> This dates back at least as far as RFC 1991, which says:
> 
>    ... Field (d) [labeled previously as "a time field"]
>    should be the time at which
>    the file was last modified, or the time at which the data packet was
>    created, or 0.
> 
> Which is even less helpful, as it doesn't tell us about the zero option. 
> Unfortunately, this is not only ambiguous, but insufficient.
> 
> Let's presume that I've decrypted a packet. If I'm storing that in a 
> file, it seems to me that I should take that time field and make it be 
> the creation and modification date of the file, or now if it's zero. If 
> I'm putting it in a text widget (for example), then obviously I don't do 
> anything as the time doesn't really apply.
> 
> If I am creating a literal packet, I have several options. One is that I 
> take the modification time of the file, assuming it's available. 
> Personally, I think if you're transferring files around, you should 
> preserve the creation time and the modification time, but I'm fussy that 
> way.
> 
> The next option that I have is to put the current time in there. The 
> reason I might do that is if I think I'm leaking data by doing it, or -- 
> whatever. If I don't want to put the modification time of the data in 
> the packet, I can put "now" in there.

The obvious "whatever" is when the source is not otherwise dated, such 
as the user typing at a keyboard, or the output of a pipe.

> The last option is that if I don't want to use *my* now, but the 
> *recipient's* now, I can put a zero in there.
> 
> It's completely up to me to decide for whatever arcane reasons I have 
> which of those is the right thing to do.
> 
> I added to the end of the paragraph there: "It is up to the creator of 
> the packet which of these they use." Does that help?

Not really. My objection to the wording is that it makes no sense. That 
is, the time field has three alleged possible meanings:

a) last modification time of file

b) creation time of packet

c) now

we have no way to tell whether a) or b) is meant, unless we link that to 
the presence of a filename, and having a time field mean "now" without 
saying what "now" is supposed to apply to makes no sense whatsoever.

I can't even see how to fix that and retain the "now"ness - if we say it 
applies to the file or the packet, that's clearly untrue. So what does 
it apply to? The only thing that makes sense to me is to define 0 as 
"the sender has declined to provide a time".

As before, if we can agree on this, I'll produce proposed words.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



From owner-ietf-openpgp@mail.imc.org  Thu May 12 12:13:32 2005
Date: Thu, 12 May 2005 11:49:24 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Tag 11 unclear
Message-ID: <20050512154924.GA30354@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <426E7C6E.3070108@algroup.co.uk> <9f380090fe85d7069d0122598b988a16@callas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9f380090fe85d7069d0122598b988a16@callas.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Wed, May 11, 2005 at 05:19:01PM -0700, Jon Callas wrote:
> 
> >   " - File name as a string (one-octet length, followed by file name),
> >       if the encrypted data should be saved as a file."
> >
> >but no mention of what if it shouldn't be saved as a file. 0 length,
> >perhaps?
> >
> 
> That's what I'd do.

Isn't _CONSOLE what is used when something shouldn't be saved as a
file?  I'd say zero length just means that the sender didn't give a
file name, whether because the data doesn't have one, or because the
filename is private, or even because it just didn't want to.

I think the 0 option for the literal timestamp is similar - it just
means the sender didn't give a time.  The recipient can interpret that
however it likes.

David



From owner-ietf-openpgp@mail.imc.org  Thu May 12 18:38:06 2005
X-PGP-Universal: processed;
	by keys.merrymeet.com on Thu, 12 May 2005 15:16:15 -0700
In-Reply-To: <20050512154924.GA30354@jabberwocky.com>
References: <426E7C6E.3070108@algroup.co.uk> <9f380090fe85d7069d0122598b988a16@callas.org> <20050512154924.GA30354@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <99f3946047bf398122efad9e1b03ba66@callas.org>
Content-Transfer-Encoding: 7bit
Cc: OpenPGP <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Tag 11 unclear
Date: Thu, 12 May 2005 15:16:15 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On 12 May 2005, at 8:49 AM, David Shaw wrote:

> Isn't _CONSOLE what is used when something shouldn't be saved as a
> file?  I'd say zero length just means that the sender didn't give a
> file name, whether because the data doesn't have one, or because the
> filename is private, or even because it just didn't want to.
>

No, _CONSOLE means "eyes only." Then you do whatever it is you do for 
eyes only.

> I think the 0 option for the literal timestamp is similar - it just
> means the sender didn't give a time.  The recipient can interpret that
> however it likes.
>

Again, I think there are three options: data mod date (typically 
meaning its source is a file), encrypt time, and decrypt time. The 
encryptor picks. The decryptor has no way of knowing which of the first 
two was picked.

	Jon
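
[Added example, not part of any message in this thread and not code from the draft or from an OpenPGP implementation.] The Tag 11 fields discussed above (one-octet filename length, the name, a four-octet time) parsed and interpreted on both the creating and receiving side. It assumes the input is the Literal Data packet body with the packet header already removed; the names LiteralData, build_literal_body, parse_literal_body and file_mtime_for are made up for this sketch, and the sample values in the comments are constructed.

```python
import struct
from dataclasses import dataclass
from typing import Optional

EYES_ONLY_NAME = b"_CONSOLE"   # special name meaning "eyes only", per the thread


@dataclass
class LiteralData:
    fmt: str          # format octet as a character, e.g. 'b' or 't'
    filename: bytes   # raw name octets; empty means the sender gave no name
    timestamp: int    # four-octet big-endian value; 0 means no time was given
    data: bytes       # the literal data itself

    @property
    def eyes_only(self) -> bool:
        return self.filename == EYES_ONLY_NAME


def build_literal_body(fmt: str, filename: bytes, timestamp: int, data: bytes) -> bytes:
    """Creator side: the sender chooses the name and which time (or 0) to send."""
    fmt_octet = fmt.encode("ascii")
    if len(fmt_octet) != 1:
        raise ValueError("format must be a single octet")
    if len(filename) > 255:
        raise ValueError("filename does not fit a one-octet length")
    if not 0 <= timestamp <= 0xFFFFFFFF:
        raise ValueError("timestamp does not fit four octets")
    return fmt_octet + bytes([len(filename)]) + filename + struct.pack(">I", timestamp) + data


def parse_literal_body(body: bytes) -> LiteralData:
    """Receiver side: split the body into its fields, refusing truncated input."""
    if len(body) < 2:
        raise ValueError("truncated: need format octet and filename length")
    fmt = chr(body[0])
    name_end = 2 + body[1]              # body[1] is the one-octet filename length
    if len(body) < name_end + 4:
        raise ValueError("truncated: filename or time field runs past the end")
    filename = body[2:name_end]
    (timestamp,) = struct.unpack(">I", body[name_end:name_end + 4])
    return LiteralData(fmt, filename, timestamp, body[name_end + 4:])


def file_mtime_for(pkt: LiteralData, recipient_now: int) -> Optional[int]:
    """Time to stamp on a saved file, or None when nothing goes to disk.

    Eyes-only data is never written out. A zero field falls back to the
    recipient's clock. A non-zero field is used as is, because the receiver
    cannot tell a file modification time from a packet creation time.
    """
    if pkt.eyes_only:
        return None
    return recipient_now if pkt.timestamp == 0 else pkt.timestamp


if __name__ == "__main__":
    now = 1700000000  # constructed "recipient's now"
    samples = [
        build_literal_body("b", b"notes.txt", 1115856000, b"hello"),  # named, dated
        build_literal_body("t", b"", 0, b"typed at a keyboard"),      # no name, no time
        build_literal_body("t", EYES_ONLY_NAME, 0, b"secret"),        # eyes only
    ]
    for raw in samples:
        pkt = parse_literal_body(raw)
        print(pkt.filename, pkt.timestamp, file_mtime_for(pkt, now))
```
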



From owner-ietf-openpgp@mail.imc.org  Thu May 19 16:53:10 2005
Message-ID: <428CF892.60809@algroup.co.uk>
Date: Thu, 19 May 2005 21:35:30 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Minor nit: Issuer vs. Issuer key ID
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


5.2.3.5 Issuer

should be:

5.2.3.5 Issuer key ID

A tiny point, I know, but it made it hard to find.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



From owner-ietf-openpgp@mail.imc.org  Thu May 19 16:54:31 2005
Message-ID: <428CF900.9030505@algroup.co.uk>
Date: Thu, 19 May 2005 21:37:20 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Key Algorithms?
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Key algorithms ... these are used in various contexts, and there's a
list in 9.1 - some of these are clearly unsuitable in some contexts -
for example, one would not expect to see RSA Encrypt-Only (3) in a
signature. But I can't find any language saying anything about
this. Are there any rules?

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



From owner-ietf-openpgp@mail.imc.org  Thu May 19 16:58:26 2005
Message-ID: <428CFA76.3010908@algroup.co.uk>
Date: Thu, 19 May 2005 21:43:34 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Cc: David Shaw <dshaw@jabberwocky.com>, ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
References: <20050511042836.91ACA57EE6@finney.org> <87psvymdtl.fsf@wheatstone.g10code.de> <20050511042836.91ACA57EE6@finney.org> <20050511143536.GA27860@jabberwocky.com> <7aa4a188ebe94c0c678f4f81c446ef7f@callas.org>
In-Reply-To: <7aa4a188ebe94c0c678f4f81c446ef7f@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jon Callas wrote:
> 
> 
> On 11 May 2005, at 7:35 AM, David Shaw wrote:
> 
>>
>> On Tue, May 10, 2005 at 09:28:36PM -0700, "Hal Finney" wrote:
>>
>>>
>>> In my opinion, the critical bit on a notation packet should mean
>>> that the implementation needs to recognize that particular notation,
>>> not just notation packets in general.  Otherwise we would have no way
>>> of expressing the requirement that the particular notation packet be
>>> understood.
>>
>>
>> That makes good sense, and I agree.  However, the text in the draft
>> doesn't exactly say this (and rather implies the opposite).
>>
> 
> I agree with Hal. I don't think that the text in the draft implies the 
> opposite, however. Here's a quote:
> 
>    ... The
>    purpose of the critical bit is to allow the signer to tell an
>    evaluator that it would prefer a new, unknown feature to generate an
>    error than be ignored.
> 
> This says to me that if you see a notation you don't understand, you 
> should error out.
> 
> Notations are our extension mechanism. It strikes me as perverse to 
> think that you only have to know the general concept of extensions and 
> not the specific extension.
> 
>> I suggest adding this sentence (or similar) to the end of section
>> 5.2.3.16. Notation Data:
>>
>>   When used on a notation subpacket, the critical bit refers to that
>>   particular notation, and not to notation subpackets in general.
> 
> 
> I put in:
> 
>    If there is a critical notation, the criticality applies to that 
> specific
>    notation and not to notations in general.
> 
> but I'll bet you a beer someone finds a creative way to misinterpret this.

This whole discussion scares me. You have an extension mechanism with no 
registry for extensions.

When these things get popular, it turns out everyone hates them. cf. DNS 
TXT records.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



From owner-ietf-openpgp@mail.imc.org  Fri May 20 04:59:51 2005
Message-ID: <428DA39D.2050308@algroup.co.uk>
Date: Fri, 20 May 2005 09:45:17 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Werner Koch <wk@gnupg.org>
Cc: Jon Callas <jon@callas.org>, David Shaw <dshaw@jabberwocky.com>,
        ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
References: <20050511042836.91ACA57EE6@finney.org>	<87psvymdtl.fsf@wheatstone.g10code.de>	<20050511042836.91ACA57EE6@finney.org>	<20050511143536.GA27860@jabberwocky.com>	<7aa4a188ebe94c0c678f4f81c446ef7f@callas.org>	<428CFA76.3010908@algroup.co.uk> <874qcy2wcw.fsf@wheatstone.g10code.de>
In-Reply-To: <874qcy2wcw.fsf@wheatstone.g10code.de>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Werner Koch wrote:
> On Thu, 19 May 2005 21:43:34 +0100, Ben Laurie said:
> 
> 
>>This whole discussion scares me. You have an extension mechanism with
>>no registry for extensions.
> 
> 
> We do have a way to register extensions ([5.2.3.16. Notation Data]):
> 
>    The IETF name space is registered with IANA. These names MUST NOT
>    contain the "@" character (0x40) is this is a tag for the user name
>    space.
> 
>    Names in the user name space consist of a UTF-8 string tag followed
>    by "@" followed by a DNS domain name. Note that the tag MUST NOT
>    contain an "@" character. For example, the "sample" tag used by
>    Example Corporation could be "sample@example.com".
> 
>    Names in a user space are owned and controlled by the owners of that
>    domain. Obviously, it's of bad form to create a new name in a DNS
>    space that you don't own.
> 
> Where do you see the problem?

Doh! The problem lies between my chair and keyboard. Sorry.

A passing comment, though - if you want domain names to be a safe 
extension mechanism, you should include a date, since they can change 
hands (without consent of the current owner, even).

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



From owner-ietf-openpgp@mail.imc.org  Fri May 20 05:03:44 2005
To: Ben Laurie <ben@algroup.co.uk>
Cc: Jon Callas <jon@callas.org>, David Shaw <dshaw@jabberwocky.com>,
        ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
References: <20050511042836.91ACA57EE6@finney.org>
	<87psvymdtl.fsf@wheatstone.g10code.de>
	<20050511042836.91ACA57EE6@finney.org>
	<20050511143536.GA27860@jabberwocky.com>
	<7aa4a188ebe94c0c678f4f81c446ef7f@callas.org>
	<428CFA76.3010908@algroup.co.uk>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Fri, 20 May 2005 09:24:31 +0200
In-Reply-To: <428CFA76.3010908@algroup.co.uk> (Ben Laurie's message of "Thu,
 19 May 2005 21:43:34 +0100")
Message-ID: <874qcy2wcw.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Thu, 19 May 2005 21:43:34 +0100, Ben Laurie said:

> This whole discussion scares me. You have an extension mechanism with
> no registry for extensions.

We do have a way to register extensions ([5.2.3.16. Notation Data]):

   The IETF name space is registered with IANA. These names MUST NOT
   contain the "@" character (0x40) is this is a tag for the user name
   space.

   Names in the user name space consist of a UTF-8 string tag followed
   by "@" followed by a DNS domain name. Note that the tag MUST NOT
   contain an "@" character. For example, the "sample" tag used by
   Example Corporation could be "sample@example.com".

   Names in a user space are owned and controlled by the owners of that
   domain. Obviously, it's of bad form to create a new name in a DNS
   space that you don't own.

Where do you see the problem?


Salam-Shalom,

   Werner
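
[Added example, not part of any message in this thread and not code from the draft or from an OpenPGP implementation.] The reading the thread settles on, that a critical bit on a notation subpacket applies to that specific notation name, together with the "@" name space rule quoted above, as an evaluator over a signature subpacket area. Function names and the sample notations are made up for this sketch; it evaluates notation subpackets (type 20) only and leaves every other subpacket type to the caller.

```python
import struct

NOTATION_DATA = 20     # subpacket type for Notation Data
CRITICAL_BIT = 0x80    # high bit of the subpacket type octet


def iter_subpackets(area: bytes):
    """Yield (critical, type, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated two-octet subpacket length")
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                                 # 255, then a four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated five-octet subpacket length")
            (length,) = struct.unpack(">I", area[i + 1:i + 5])
            i += 5
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket length runs past the area")
        type_octet = area[i]                  # the length counts this octet too
        yield bool(type_octet & CRITICAL_BIT), type_octet & 0x7F, area[i + 1:i + length]
        i += length


def parse_notation(body: bytes):
    """Split a notation body: 4 flag octets, 2+2 length octets, name, value."""
    if len(body) < 8:
        raise ValueError("notation body shorter than its fixed fields")
    name_len, value_len = struct.unpack(">HH", body[4:8])
    if len(body) != 8 + name_len + value_len:
        raise ValueError("notation lengths do not match the subpacket body")
    name = body[8:8 + name_len].decode("utf-8")   # bad UTF-8 raises ValueError
    return name, body[8 + name_len:]


def namespace(name: str):
    """No "@": IETF name space. tag@domain with exactly one "@": user name space."""
    if "@" not in name:
        return ("ietf", None)
    tag, _, domain = name.partition("@")
    if not tag or not domain or "@" in domain:
        return ("malformed", None)
    return ("user", domain)


def evaluate_notations(area: bytes, known_names):
    """Return (usable, [(name, verdict), ...]) for the notations in the area.

    A notation whose exact name is in known_names is accepted. An unknown one
    is ignored unless its own critical bit is set, in which case the signature
    must not be treated as usable. Knowing other notations is not enough.
    """
    usable, results = True, []
    for critical, sp_type, body in iter_subpackets(area):
        if sp_type != NOTATION_DATA:
            continue                          # out of scope for this sketch
        name, _value = parse_notation(body)
        if name in known_names:
            verdict = "accept"
        elif critical:
            verdict, usable = "reject", False
        else:
            verdict = "ignore"
        results.append((name, verdict))
    return usable, results


def make_notation(name: str, value: str, critical: bool) -> bytes:
    """Build one constructed notation subpacket (short enough for a one-octet length)."""
    n, v = name.encode("utf-8"), value.encode("utf-8")
    flags = b"\x80\x00\x00\x00"               # 0x80 in the first octet: human-readable
    sub = bytes([NOTATION_DATA | (CRITICAL_BIT if critical else 0)])
    sub += flags + struct.pack(">HH", len(n), len(v)) + n + v
    if len(sub) >= 192:
        raise ValueError("sample too long for a one-octet length")
    return bytes([len(sub)]) + sub


if __name__ == "__main__":
    # Constructed sample: one critical and one non-critical notation.
    area = (make_notation("sample@example.com", "x", critical=True)
            + make_notation("other@example.org", "y", critical=False))
    print(evaluate_notations(area, {"sample@example.com"}))
    print(evaluate_notations(area, {"other@example.org"}))
```
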



From owner-ietf-openpgp@mail.imc.org  Fri May 20 15:51:16 2005
Message-Id: <200505201935.PAA00365@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: i-d-announce@ietf.org
Cc: ietf-openpgp@imc.org
From: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-openpgp-rfc2440bis-13.txt
Date: Fri, 20 May 2005 15:35:07 -0400
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF.

	Title		: OpenPGP Message Format
	Author(s)	: J. Callas, et al.
	Filename	: draft-ietf-openpgp-rfc2440bis-13.txt
	Pages		: 72
	Date		: 2005-5-20
	
This document is maintained in order to publish all necessary
    information needed to develop interoperable applications based on
    the OpenPGP format. It is not a step-by-step cookbook for writing an
    application. It describes only the format and methods needed to
    read, check, generate, and write conforming packets crossing any
    network. It does not deal with storage and implementation questions.
    It does, however, discuss implementation issues necessary to avoid
    security flaws.

    OpenPGP software uses a combination of strong public-key and
    symmetric cryptography to provide security services for electronic
    communications and data storage.  These services include
    confidentiality, key management, authentication, and digital
    signatures. This document specifies the message formats used in
    OpenPGP.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-13.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request@ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.


Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-openpgp-rfc2440bis-13.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-openpgp-rfc2440bis-13.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body;
	access-type="mail-server";
	server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID:	<2005-5-20154458.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-openpgp-rfc2440bis-13.txt

--OtherAccess
Content-Type: Message/External-body;
	name="draft-ietf-openpgp-rfc2440bis-13.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID:	<2005-5-20154458.I-D@ietf.org>

--OtherAccess--

--NextPart--




From owner-ietf-openpgp@mail.imc.org  Fri May 20 18:43:57 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA22143
	for <openpgp-archive@lists.ietf.org>; Fri, 20 May 2005 18:43:57 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4KMSiqU093915;
	Fri, 20 May 2005 15:28:44 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4KMSilW093914;
	Fri, 20 May 2005 15:28:44 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4KMSgo2093906
	for <ietf-openpgp@imc.org>; Fri, 20 May 2005 15:28:43 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Fri, 20 May 2005 15:28:41 -0700
Received: from [63.73.97.189] ([63.73.97.189])
  by keys.merrymeet.com (PGP Universal service);
  Fri, 20 May 2005 15:28:41 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Fri, 20 May 2005 15:28:41 -0700
In-Reply-To: <428CF892.60809@algroup.co.uk>
References: <428CF892.60809@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <42ee6c4a9279d24e1080c6ff528024e4@callas.org>
Content-Transfer-Encoding: 7bit
Cc: OpenPGP <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Minor nit: Issuer vs. Issuer key ID
Date: Fri, 20 May 2005 15:28:40 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit



On 19 May 2005, at 1:35 PM, Ben Laurie wrote:

>
> 5.2.3.5 Issuer
>
> should be:
>
> 5.2.3.5 Issuer key ID
>
> A tiny point, I know, but it made it hard to find.
>

Fixed in bis-14.

	Jon



From owner-ietf-openpgp@mail.imc.org  Fri May 20 19:33:36 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA22142
	for <openpgp-archive@lists.ietf.org>; Fri, 20 May 2005 18:43:57 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4KMWcao094631;
	Fri, 20 May 2005 15:32:38 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4KMWcUa094629;
	Fri, 20 May 2005 15:32:38 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4KMWbKv094617
	for <ietf-openpgp@imc.org>; Fri, 20 May 2005 15:32:37 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Fri, 20 May 2005 15:32:35 -0700
Received: from [63.73.97.189] ([63.73.97.189])
  by keys.merrymeet.com (PGP Universal service);
  Fri, 20 May 2005 15:32:35 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Fri, 20 May 2005 15:32:35 -0700
In-Reply-To: <428CF900.9030505@algroup.co.uk>
References: <428CF900.9030505@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <8d5ad5a9f7affa48ec29be606193bec3@callas.org>
Content-Transfer-Encoding: 7bit
Cc: OpenPGP <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Key Algorithms?
Date: Fri, 20 May 2005 15:32:33 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit



On 19 May 2005, at 1:37 PM, Ben Laurie wrote:

>
> Key algorithms ... these are used in various contexts, and there's a
> list in 9.1 - some of these are clearly unsuitable in some contexts -
> for example, one would not expect to see RSA Encrypt-Only (3) in a
> signature. But I can't find any language saying anything about
> this. Are there any rules?
>

All of these are deprecated or disallowed.


12.4. RSA

    There are algorithm types for RSA-signature-only, and
    RSA-encrypt-only keys. These types are deprecated. The "key flags"
    subpacket in a signature is a much better way to express the same
    idea, and generalizes it to all algorithms. An implementation SHOULD
    NOT create such a key, but MAY interpret it.

[...]

12.7. Reserved Algorithm Numbers

    A number of algorithm IDs have been reserved for algorithms that
    would be useful to use in an OpenPGP implementation, yet there are
    issues that prevent an implementer from actually implementing the
    algorithm. These are marked in the Public Algorithms section as
    "(reserved for)".

[...]

    Previous versions of OpenPGP permitted Elgamal [ELGAMAL] signatures
    with a public key identifier of 20. These are no longer permitted.
    An implementation MUST NOT generate such keys. An implementation
    MUST NOT generate Elgamal signatures.



From owner-ietf-openpgp@mail.imc.org  Sat May 21 08:24:52 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA13868
	for <openpgp-archive@lists.ietf.org>; Sat, 21 May 2005 08:24:52 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4L0IDNf027310;
	Fri, 20 May 2005 17:18:13 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4L0IDx9027309;
	Fri, 20 May 2005 17:18:13 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4L0IDBd027230
	for <ietf-openpgp@imc.org>; Fri, 20 May 2005 17:18:13 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70])
          by comcast.net (rwcrmhc12) with ESMTP
          id <2005052100180501400ssbjke>; Sat, 21 May 2005 00:18:05 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28])
	by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j4L0I4Ta008433
	for <ietf-openpgp@imc.org>; Fri, 20 May 2005 20:18:04 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1])
	by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j4L0I0dH028428
	for <ietf-openpgp@imc.org>; Fri, 20 May 2005 20:18:00 -0400
Received: (from dshaw@localhost)
	by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j4L0I0Mi028427
	for ietf-openpgp@imc.org; Fri, 20 May 2005 20:18:00 -0400
Date: Fri, 20 May 2005 20:18:00 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
Message-ID: <20050521001800.GA28168@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050511042836.91ACA57EE6@finney.org> <87psvymdtl.fsf@wheatstone.g10code.de> <20050511042836.91ACA57EE6@finney.org> <20050511143536.GA27860@jabberwocky.com> <7aa4a188ebe94c0c678f4f81c446ef7f@callas.org> <428CFA76.3010908@algroup.co.uk> <874qcy2wcw.fsf@wheatstone.g10code.de> <428DA39D.2050308@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <428DA39D.2050308@algroup.co.uk>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Fri, May 20, 2005 at 09:45:17AM +0100, Ben Laurie wrote:
> 
> Werner Koch wrote:
> >On Thu, 19 May 2005 21:43:34 +0100, Ben Laurie said:
> >
> >
> >>This whole discussion scares me. You have an extension mechanism with
> >>no registry for extensions.
> >
> >
> >We do have a way to register extensions ([5.2.3.16. Notation Data]):
> >
> >   The IETF name space is registered with IANA. These names MUST NOT
> >   contain the "@" character (0x40) is this is a tag for the user name
> >   space.
> >
> >   Names in the user name space consist of a UTF-8 string tag followed
> >   by "@" followed by a DNS domain name. Note that the tag MUST NOT
> >   contain an "@" character. For example, the "sample" tag used by
> >   Example Corporation could be "sample@example.com".
> >
> >   Names in a user space are owned and controlled by the owners of that
> >   domain. Obviously, it's of bad form to create a new name in a DNS
> >   space that you don't own.
> >
> >Where do you see the problem?
> 
> Doh! The problem lies between my chair and keyboard. Sorry.
> 
> A passing comment, though - if you want domain names to be a safe 
> extension mechanism, you should include a date, since they can change 
> hands (without consent of the current owner, even).

It's also worth noting that the naming rules are often ignored in
practice.  A year or two ago, I pulled a keyring from one of the
keyservers and enumerated the notation names.  I'd have to dig up my
notes from then, but I seem to recall that around 85-90% of them were
the string "COMMENT".

(Since then, GnuPG has refused to create notation names without a '@'
in them).

David
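The naming rule quoted from 5.2.3.16 and the kind of tally David describes, as an added example (not part of the original messages and not GnuPG's code). It parses Notation Data subpacket bodies and classifies each name. The DNS-label check, the category labels and the sample bodies are assumptions of this example.

```python
import re
import struct
from collections import Counter

# Assumption of this example: a "DNS domain name" is dot-separated
# letter/digit/hyphen labels of 1..63 octets that do not start or end with "-".
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def parse_notation(body):
    """Split a Notation Data subpacket body into (human_readable, name, value).

    Layout per 5.2.3.16: 4 octets of flags, 2-octet name length,
    2-octet value length, then the name and the value.
    """
    if len(body) < 8:
        raise ValueError("notation body shorter than its fixed header")
    flags, name_len, value_len = struct.unpack(">IHH", body[:8])
    if len(body) != 8 + name_len + value_len:
        raise ValueError("name/value lengths do not match the body size")
    name = body[8:8 + name_len].decode("utf-8")  # invalid UTF-8 raises ValueError
    return bool(flags & 0x80000000), name, body[8 + name_len:]


def is_dns_name(domain):
    labels = domain.split(".")
    return len(domain) <= 253 and all(LABEL.fullmatch(label) for label in labels)


def classify_name(name):
    """Return 'ietf-namespace', 'user-namespace' or 'malformed'."""
    if "@" not in name:
        # No "@": the name claims the IETF name space, which the draft says
        # is registered with IANA. Registration itself is not checked here.
        return "ietf-namespace"
    tag, _, domain = name.partition("@")
    # The tag must be non-empty and free of "@"; splitting at the first "@"
    # leaves any further "@" in the domain part, where it is not allowed.
    if not tag or "@" in domain or not is_dns_name(domain):
        return "malformed"
    return "user-namespace"


def survey(bodies):
    """Tally name classes over notation bodies, as in a keyring survey."""
    tally = Counter()
    for body in bodies:
        try:
            _, name, _ = parse_notation(body)
        except ValueError:
            tally["unparsable"] += 1
            continue
        tally[classify_name(name)] += 1
    return tally


def make_notation(name, value, human_readable=True):
    """Build a notation body for the constructed samples below."""
    n, v = name.encode("utf-8"), value.encode("utf-8")
    flags = 0x80000000 if human_readable else 0
    return struct.pack(">IHH", flags, len(n), len(v)) + n + v


# Constructed sample bodies, not taken from any real keyring.
SAMPLE_BODIES = [
    make_notation("sample@example.com", "1"),
    make_notation("COMMENT", "hello"),
    make_notation("COMMENT", "made with love"),
    make_notation("a@b@example.com", "x"),     # second "@"
    make_notation("@example.com", "x"),        # empty tag
    make_notation("tag@-bad-.example", "x"),   # label starts and ends with "-"
    make_notation("COMMENT", "x")[:-1],        # value length overruns the body
]

if __name__ == "__main__":
    for kind, count in sorted(survey(SAMPLE_BODIES).items()):
        print(f"{kind:15} {count}")
```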



From owner-ietf-openpgp@mail.imc.org  Wed May 25 07:40:35 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA00943
	for <openpgp-archive@lists.ietf.org>; Wed, 25 May 2005 07:40:35 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4PBQv1e051308;
	Wed, 25 May 2005 04:26:57 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4PBQvui051307;
	Wed, 25 May 2005 04:26:57 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4PBQuwD051287
	for <ietf-openpgp@imc.org>; Wed, 25 May 2005 04:26:57 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id D38DE33C45
	for <ietf-openpgp@imc.org>; Wed, 25 May 2005 12:26:54 +0100 (BST)
Message-ID: <429460FD.4090807@algroup.co.uk>
Date: Wed, 25 May 2005 12:26:53 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Elgamal Signatures?
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


I realise they're deprecated, but I still need to know the format. Where
can I find it? Should it be in the RFC?

The problem being, of course, that things exist out there that use them.

Cheers,

Ben.



From owner-ietf-openpgp@mail.imc.org  Thu May 26 03:33:02 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA06239
	for <openpgp-archive@lists.ietf.org>; Thu, 26 May 2005 03:33:02 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4Q7KnEG021456;
	Thu, 26 May 2005 00:20:49 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4Q7Knas021455;
	Thu, 26 May 2005 00:20:49 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from hotmail.com (bay18-f12.bay18.hotmail.com [65.54.187.62])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4Q7KnOf021443
	for <ietf-openpgp@imc.org>; Thu, 26 May 2005 00:20:49 -0700 (PDT)
	(envelope-from spider-41@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 26 May 2005 00:20:44 -0700
Message-ID: <BAY18-F12D87379281577F0DCB9D8FE0F0@phx.gbl>
Received: from 193.210.155.190 by by18fd.bay18.hotmail.msn.com with HTTP;
	Thu, 26 May 2005 07:20:43 GMT
X-Originating-IP: [193.210.155.190]
X-Originating-Email: [spider-41@hotmail.com]
X-Sender: spider-41@hotmail.com
From: =?iso-8859-1?B?S2ltbW8gTeRrZWzkaW5lbg==?= <spider-41@hotmail.com>
To: ietf-openpgp@imc.org
Subject: Problems with calculating signatures over keys
Date: Thu, 26 May 2005 10:20:43 +0300
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_194f_56dd_6dda"
X-OriginalArrivalTime: 26 May 2005 07:20:44.0239 (UTC) FILETIME=[6E06E5F0:01C561C3]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is a multi-part message in MIME format.

------=_NextPart_000_194f_56dd_6dda
Content-Type: text/plain; charset=iso-8859-1; format=flowed

I'm trying to compute the signature over the DSA key and I'm rather 
confused.

I have generated DSA and El Gamal keys with Gnu Privacy Guard software.

First, how many octets should there be in the user id packet to define the 
length of the username?

It is said in 5.2.4 that
"A V4 certification hashes the constant 0xb4 (which is an
   old-style packet header with the length-of-length set to zero), a
   four-octet number giving the length of the username, and then the
   username data."

However, in the key generated by GnuPG the length is given with only one 
octet. I have used the PGPdump interface (http://www.pgpdump.net) to 
visualize the key data, and the interface shows the data correctly, 
including the user id packet.

Here is the key packet:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (MingW32)
-----END PGP PUBLIC KEY BLOCK-----

The "raw" data of the key is attached to this message.

My main problem is that I can't calculate the correct hash value. PGPdump 
shows that the two left bytes of the calculated hash value over the 
keypacket + user id packet + signature packet are 0xE8 and 0xA4.

In 5.2.4 it is also said that

"V4 signatures also hash in a final trailer of six octets: the version
   of the signature packet, i.e. 0x04; 0xFF; a four-octet, big-endian
   number that is the length of the hashed data from the signature
   packet (note that this number does not include these final six
   octets."

I haven't found an unambiguous explanation for the length bytes. Is it the 
length of the whole data being hashed (from the public key packet through 
the end of the hashed subpacket data of signature packet) or just from the 
version number of the signature packet through the end of hashed subpacket 
data?

I have studied old messages from the mailing list. For example in 
http://www.imc.org/ietf-openpgp/mail-archive/msg02966.html the structure of 
the explained like this:

(header data)
0x99
2 octet length
key packet body data

(user id data)
0xb4
4 octet length
username data

(signature trailer)

version field to end of hashable data



V4 signature trailer
0x04
0xFF
4 octet length

I think the structure is otherwise clear, but what should be done with the 
length of the user name? If I add three bytes to the key generated with the 
GnuPG, I still can't get the hash value to match with the two bytes GnuPG 
has calculated.

Best regards,
Kimmo Mäkeläinen


------=_NextPart_000_194f_56dd_6dda
Content-Type: application/octet-stream; name="pubring.gpg"
Content-Disposition: attachment; filename="pubring.gpg"
Content-Transfer-Encoding: base64



------=_NextPart_000_194f_56dd_6dda--



From owner-ietf-openpgp@mail.imc.org  Thu May 26 12:44:31 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA11742
	for <openpgp-archive@lists.ietf.org>; Thu, 26 May 2005 12:44:31 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4QGOhTO032190;
	Thu, 26 May 2005 09:24:43 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4QGOhPg032189;
	Thu, 26 May 2005 09:24:43 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4QGOe5t032122
	for <ietf-openpgp@imc.org>; Thu, 26 May 2005 09:24:42 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id 2EE6957E8C; Thu, 26 May 2005 08:34:29 -0700 (PDT)
To: ietf-openpgp@imc.org, spider-41@hotmail.com
Subject: Re: Problems with calculating signatures over keys
Message-Id: <20050526153429.2EE6957E8C@finney.org>
Date: Thu, 26 May 2005 08:34:29 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Kimmo Mäkeläinen writes:
> First, how many octets should there be in the user id packet to define the 
> length of the username?
>
> It is said in 5.2.4 that
> "A V4 certification hashes the constant 0xb4 (which is an
>    old-style packet header with the length-of-length set to zero), a
>    four-octet number giving the length of the username, and then the
>    username data."
>
> However, in the key generated by GnuPG the length is given with only one 
> octet. I have used the PGPdump interface (http://www.pgpdump.net) to 
> visualize the key data, and the interface shows the data correctly, 
> including the user id packet.

The number of octets that is hashed is different from the number that
is used in the packet.  For a V4 signature, always 4 octets of length
are hashed.  The number used in the packet may be 1, 2 or 4 octets.
You need to pad the octets from the packet with leading 0's to get 4
octets for hash purposes, if fewer are used there.

> In 5.2.4 it is also said that
>
> "V4 signatures also hash in a final trailer of six octets: the version
>    of the signature packet, i.e. 0x04; 0xFF; a four-octet, big-endian
>    number that is the length of the hashed data from the signature
>    packet (note that this number does not include these final six
>    octets."
>
> I haven't found an unambiguous explanation for the length bytes. Is it the 
> length of the whole data being hashed (from the public key packet through 
> the end of the hashed subpacket data of signature packet) or just from the 
> version number of the signature packet through the end of hashed subpacket 
> data?

It is the latter, it is the number of bytes hashed from the signature
packet starting from the version number and going through the end of
the hashed subpacket data.

You are not the first person to have trouble getting it to work.
Unfortunately it is the nature of cryptographic hashes that making even
the slightest error produces a completely wrong result, with no hint
about how close you are.

We might want to consider some "test vectors" in the RFC which work
through the process of verifying a signature.  We'd show the key and
associated packets, and then show the exact sequence of bytes which
gets hashed.  I think that would be a big help to implementors.

Unfortunately once we open the door to including such an example,
there are a lot of other things we might need to show.  The public key
signature operations themselves, signatures on text and binary messages,
encryption and decryption, encrypt+sign, etc.  We could almost use a
separate RFC just with examples as an aid to implementors.

Hal Finney
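The byte sequence described in this reply, as an added example (not part of the original messages and not GnuPG's code). It parses a key, user ID and V4 certification from their wire form, rebuilds the hashed data with the fixed-width lengths, and compares the result with the left 16 bits stored in the signature packet. The sample packets are constructed stand-ins, not a real key, and all function names are this example's own.

```python
import hashlib
import struct

# OpenPGP hash algorithm IDs mapped to hashlib names (subset).
HASHES = {1: "md5", 2: "sha1", 8: "sha256"}


def read_packet(buf, pos):
    """Return (tag, body, next_pos) for the packet whose header starts at pos."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("bit 7 of a packet header must be set")
    pos += 1
    if ctb & 0x40:                        # new-format header
        tag, first = ctb & 0x3F, buf[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 224:
            length, pos = ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
        elif first == 255:
            length, pos = int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5
        else:
            raise ValueError("partial body lengths are not handled here")
    else:                                 # old-format header
        tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
        if length_type == 3:
            raise ValueError("indeterminate length is not handled here")
        n = 1 << length_type              # 1, 2 or 4 length octets on the wire
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    body = buf[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body, pos + length


def split_v4_signature(sig_body):
    """Return (hash_algo, hashed_portion, left16) of a V4 signature packet body."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a V4 signature packet")
    # version, type, pubkey algo, hash algo, 2-octet hashed subpacket length
    hashed_end = 6 + int.from_bytes(sig_body[4:6], "big")
    unhashed_len = int.from_bytes(sig_body[hashed_end:hashed_end + 2], "big")
    left16_at = hashed_end + 2 + unhashed_len
    left16 = sig_body[left16_at:left16_at + 2]
    if len(left16) != 2:
        raise ValueError("truncated signature packet")
    return sig_body[3], sig_body[:hashed_end], left16


def certification_hash_input(key_body, uid_body, sig_body):
    """Build the exact octets hashed for a V4 certification of a user ID."""
    _, hashed, _ = split_v4_signature(sig_body)
    return b"".join((
        b"\x99", struct.pack(">H", len(key_body)), key_body,  # always 2 length octets
        b"\xb4", struct.pack(">I", len(uid_body)), uid_body,  # always 4 length octets
        hashed,                                   # version .. end of hashed subpackets
        b"\x04\xff", struct.pack(">I", len(hashed)),  # trailer counts `hashed` only
    ))


def check_left16(keyring):
    """True if the stored left 16 bits match the recomputed hash.

    This is only the quick check; it does not verify the signature itself.
    """
    packets, pos = [], 0
    while pos < len(keyring):
        tag, body, pos = read_packet(keyring, pos)
        packets.append((tag, body))
    (t1, key), (t2, uid), (t3, sig) = packets[:3]
    if (t1, t2, t3) != (6, 13, 2):
        raise ValueError("expected public key, user ID, signature")
    algo, _, stored = split_v4_signature(sig)
    if algo not in HASHES:
        raise ValueError("hash algorithm not supported by this example")
    data = certification_hash_input(key, uid, sig)
    return hashlib.new(HASHES[algo], data).digest()[:2] == stored


# Constructed sample, written out by hand and independent of the code above:
# a 6-octet stand-in for the key body, the user ID "alice", and a V4
# certification (type 0x13, DSA, SHA-1) with one hashed subpacket and no MPIs.
SAMPLE_HASH_INPUT = bytes.fromhex(
    "99 0006 040000000111"             # 0x99, 2-octet length, key body
    "b4 00000005 616c696365"           # 0xb4, 4-octet length, user ID
    "04 13 11 02 0006 050200000001"    # signature: version .. hashed subpackets
    "04 ff 0000000c"                   # trailer: 12 octets on the line above
)
SAMPLE_KEYRING = (
    bytes.fromhex("98 06 040000000111")      # key packet, 1-octet wire length
    + bytes.fromhex("b4 05 616c696365")      # user ID packet, 1-octet wire length
    + bytes.fromhex("88 10 041311020006050200000001 0000")
    + hashlib.sha1(SAMPLE_HASH_INPUT).digest()[:2]
)

if __name__ == "__main__":
    print("left 16 bits match:", check_left16(SAMPLE_KEYRING))
```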



From owner-ietf-openpgp@mail.imc.org  Thu May 26 13:11:07 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA13767
	for <openpgp-archive@lists.ietf.org>; Thu, 26 May 2005 13:11:06 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4QGsDkl036134;
	Thu, 26 May 2005 09:54:13 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4QGsD8F036133;
	Thu, 26 May 2005 09:54:13 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from cliodev.pgp.com (me@CLIODEV.IHTFP.ORG [204.107.200.20])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4QGsC92036120
	for <ietf-openpgp@imc.org>; Thu, 26 May 2005 09:54:13 -0700 (PDT)
	(envelope-from warlord@MIT.EDU)
Received: from cliodev.pgp.com (cliodev.pgp.com [127.0.0.1])
	by cliodev.pgp.com (8.13.1/8.13.1) with ESMTP id j4QGqpQc010501;
	Thu, 26 May 2005 12:52:51 -0400
Received: (from warlord@localhost)
	by cliodev.pgp.com (8.13.1/8.13.1/Submit) id j4QGqko1010497;
	Thu, 26 May 2005 12:52:46 -0400
X-Authentication-Warning: cliodev.pgp.com: warlord set sender to warlord@MIT.EDU using -f
From: Derek Atkins <derek@ihtfp.com>
To: hal@finney.org ("Hal Finney")
Cc: ietf-openpgp@imc.org, spider-41@hotmail.com
Subject: Re: Problems with calculating signatures over keys
References: <20050526153429.2EE6957E8C@finney.org>
Date: Thu, 26 May 2005 12:52:46 -0400
In-Reply-To: <20050526153429.2EE6957E8C@finney.org> (Hal Finney's message of
	"Thu, 26 May 2005 08:34:29 -0700 (PDT)")
Message-ID: <sjmu0kqq68x.fsf@cliodev.pgp.com>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Hal,

<chair hat>

hal@finney.org ("Hal Finney") writes:

> We might want to consider some "test vectors" in the RFC which work
> through the process of verifying a signature.  We'd show the key and
> associated packets, and then show the exact sequence of bytes which
> gets hashed.  I think that would be a big help to implementors.

I agree that this would be a boon to implementors.  Do you want to
volunteer to do this?  :)

> Unfortunately once we open the door to including such an example,
> there are a lot of other things we might need to show.  The public key
> signature operations themselves, signatures on text and binary messages,
> encryption and decryption, encrypt+sign, etc.  We could almost use a
> separate RFC just with examples as an aid to implementors.

I also agree that a separate "Test Vectors" draft would be the right
place to put it.  It could even be an informational draft instead of a
standards-track draft, but it could still be called something like:
   draft-ietf-openpgp-test-vectors

> Hal Finney

Are there any objections from the WG to doing this?  As chair I think
it's a good idea and would welcome a test vectors draft.

</chair hat>

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



From owner-ietf-openpgp@mail.imc.org  Fri May 27 16:54:00 2005
Date: Fri, 27 May 2005 16:31:01 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Elgamal Signatures?
Message-ID: <20050527203101.GA27418@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <429460FD.4090807@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <429460FD.4090807@algroup.co.uk>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i


On Wed, May 25, 2005 at 12:26:53PM +0100, Ben Laurie wrote:
> 
> I realise they're deprecated, but I still need to know the format. Where
> can I find it? Should it be in the RFC?
> 
> The problem being, of course, that things exist out there that use them.

I don't think it should be in the RFC.  The new RFC does not permit
Elgamal signatures, so putting it in there serves little purpose.
2440 will continue to exist once the new RFC is out, so anyone looking
for 2440-specific formats can look there.

David



From owner-ietf-openpgp@mail.imc.org  Sat May 28 11:04:07 2005
In-Reply-To: <sjmu0kqq68x.fsf@cliodev.pgp.com>
References: <20050526153429.2EE6957E8C@finney.org> <sjmu0kqq68x.fsf@cliodev.pgp.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <77481f3168d671664599035a9a2e1d1a@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org, hal@finney.org ("Hal Finney"), spider-41@hotmail.com
From: Jon Callas <jon@callas.org>
Subject: Re: Problems with calculating signatures over keys
Date: Sat, 28 May 2005 07:51:02 -0700
To: Derek Atkins <derek@ihtfp.com>
X-Mailer: Apple Mail (2.622)


> I also agree that a separate "Test Vectors" draft would be the right
> place to put it.  It could even be an informational draft instead of a
> standards-track draft, but it could still be called something like:
>    draft-ietf-openpgp-test-vectors
>
>> Hal Finney
>
> Are there any objections from the WG to doing this?  As chair I think
> it's a good idea and would welcome a test vectors draft.
>

I'd go so far as to say it should be an implementation hints draft. It
could include things like Elgamal signatures, as well, and other things
that don't belong in the standards RFCs.

	Jon



From owner-ietf-openpgp@mail.imc.org  Sat May 28 17:07:42 2005
Message-ID: <4298D923.1040803@algroup.co.uk>
Date: Sat, 28 May 2005 21:48:35 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Shaw <dshaw@jabberwocky.com>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Elgamal Signatures?
References: <429460FD.4090807@algroup.co.uk> <20050527203101.GA27418@jabberwocky.com>
In-Reply-To: <20050527203101.GA27418@jabberwocky.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit


David Shaw wrote:
> On Wed, May 25, 2005 at 12:26:53PM +0100, Ben Laurie wrote:
> 
>>I realise they're deprecated, but I still need to know the format. Where
>>can I find it? Should it be in the RFC?
>>
>>The problem being, of course, that things exist out there that use them.
> 
> 
> I don't think it should be in the RFC.  The new RFC does not permit
> Elgamal signatures, so putting it in there serves little purpose.
> 2440 will continue to exist once the new RFC is out, so anyone looking
> for 2440-specific formats can look there.

They aren't in 2440 either. Or I missed something.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



From owner-ietf-openpgp@mail.imc.org  Mon May 30 05:41:19 2005
Message-ID: <429ADAA4.4090803@algroup.co.uk>
Date: Mon, 30 May 2005 10:19:32 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Stupid hash question?
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit


I've been working on signatures recently, and I'm puzzled. As I
understand it, the form of a decrypted signature is:

01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>

However, every signature I look at decrypts to:

00 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>

Before I hurt my head trying to figure out why, I wonder if there's
something obvious I missed?

Cheers,

Ben.



From owner-ietf-openpgp@mail.imc.org  Mon May 30 06:26:54 2005
Message-ID: <39133.62.154.250.43.1117447828.squirrel@silmor.de>
In-Reply-To: <429ADAA4.4090803@algroup.co.uk>
References: <429ADAA4.4090803@algroup.co.uk>
Date: Mon, 30 May 2005 12:10:28 +0200 (CEST)
Subject: Re: Stupid hash question?
From: "Konrad Rosenbaum" <konrad@silmor.de>
To: "Ben Laurie" <ben@algroup.co.uk>
Cc: "OpenPGP" <ietf-openpgp@imc.org>
User-Agent: SquirrelMail/1.4.4
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit


Ben Laurie said:
>
> I've been working on signatures recently, and I'm puzzled. As I
> understand it, the form of a decrypted signature is:
>
> 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>
> However, every signature I look at decrypts to:
>
> 00 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>
> Before I hurt my head trying to figure out why, I wonder if there's
> something obvious I missed?

Hi Ben,

leading zeros can be left out while it is still a large integer. Eg. for
RSA signatures it is pretty normal that the signature is a) one byte
smaller than the RSA-n or b) contains a leading zero. This pretty much
depends on your implementation of large integers. Or to give you an
example in C:

It does not matter whether you assign
int a=0x01;
or:
int a=0x000001;
or.... whatever, it is still a "1".

Really, leave the leading zero out. Even the former Eastern Bloc states got
rid of their leading zeros - it works pretty well... ;-)


    Konrad



From owner-ietf-openpgp@mail.imc.org  Mon May 30 07:39:02 2005
Message-ID: <BAY18-F7360E285AF66B4DD46EE2FE030@phx.gbl>
In-Reply-To: <20050526153429.2EE6957E8C@finney.org>
From: =?iso-8859-1?B?S2ltbW8gTeRrZWzkaW5lbg==?= <spider-41@hotmail.com>
To: hal@finney.org, ietf-openpgp@imc.org
Subject: Re: Problems with calculating signatures over keys
Date: Mon, 30 May 2005 14:25:21 +0300
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed


Thanks for the clarification, but I still can't get the right results. I
tried to calculate like this:

SHA1(0x99 (public key tag)+ 0x01 + 0xA2 (key length) + Key packet (418 
bytes) + 0xB4 (user id tag) + 0x00 + 0x00 + 0x00 + 0x28 (user id length) + 
User Id packet (40 bytes) + 0x04 + 0x13 + 0x11 + 0x02 + 0x00 + 0x1E + 0x05 + 
0x02 + 0x42 + 0x95 + 0x6E + 0xD1 + 0x02 + 0x1B + 0x03 + 0x06 + 0x0B + 0x09 + 
0x08 + 0x07 + 0x03 + 0x02 + 0x03 + 0x15 + 0x02 + 0x03 + 0x03 + 0x16 + 0x02 + 
0x01 + 0x02 + 0x1E + 0x01 + 0x02 + 0x17 + 0x80 + Trailer: 0x04 + 0xFF + 0x24 
(big endian length of hashed data from the sign. packet) + 0x00 + 0x00 + 
0x00)

The result I got was 0xfcfc4c8598c9349959eb5cb23321add6b92f2137, so the left 
bytes are 0xFC and 0xFC, but in the key the values are 0xE8 and 0xA4.

Kimmo

>From: hal@finney.org ("Hal Finney")
>To: ietf-openpgp@imc.org, spider-41@hotmail.com
>Subject: Re: Problems with calculating signatures over keys
>Date: Thu, 26 May 2005 08:34:29 -0700 (PDT)
>
>Kimmo Mäkeläinen writes:
> > First, how many octets there should be in the user id packet to define
> > the length of the username?
> >
> > It is said in the 5.2.4 that
> > "A V4 certification hashes the constant 0xb4 (which is an
> >    old-style packet header with the length-of-length set to zero), a
> >    four-octet number giving the length of the username, and then the
> >    username data."
> >
> > However, in the key generated by GnuPG the length is given with only one
> > octet. I have used the PGPdump interface (http://www.pgpdump.net) to
> > visualize the key data, and the interface shows the data correctly,
> > including the user id packet.
>
>The number of octets that is hashed is different from the number that
>is used in the packet.  For a V4 signature, always 4 octets of length
>are hashed.  The number used in the packet may be 1, 2 or 4 octets.
>You need to pad the octets from the packet with leading 0's to get 4
>octets for hash purposes, if fewer are used there.
>
> > In 5.2.4 is also said that
> >
> > "V4 signatures also hash in a final trailer of six octets: the version
> >    of the signature packet, i.e. 0x04; 0xFF; a four-octet, big-endian
> >    number that is the length of the hashed data from the signature
> >    packet (note that this number does not include these final six
> >    octets."
> >
> > I haven't found an unambiguous explanation for the length bytes. Is it
> > the length of the whole data being hashed (from the public key packet
> > through the end of the hashed subpacket data of signature packet) or
> > just from the version number of the signature packet through the end of
> > hashed subpacket data?
>
>It is the latter, it is the number of bytes hashed from the signature
>packet starting from the version number and going through the end of
>the hashed subpacket data.
>
>You are not the first person to have trouble getting it to work.
>Unfortunately it is the nature of cryptographic hashes that making even
>the slightest error produces a completely wrong result, with no hint
>about how close you are.
>
>We might want to consider some "test vectors" in the RFC which work
>through the process of verifying a signature.  We'd show the key and
>associated packets, and then show the exact sequence of bytes which
>gets hashed.  I think that would be a big help to implementors.
>
>Unfortunately once we open the door to including such an example,
>there are a lot of other things we might need to show.  The public key
>signature operations themselves, signatures on text and binary messages,
>encryption and decryption, encrypt+sign, etc.  We could almost use a
>separate RFC just with examples as an aid to implementors.
>
>Hal Finney
>
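
The hash input discussed in this message and in the quoted section 5.2.4 text, assembled step by step as an added example (not code from the list or from any implementation mentioned here). The signature octets are the ones listed above; the 418-octet key body, the 40-octet user ID and all function names are constructed placeholders, so the digest will not match any real key.

```python
import hashlib
import struct

# Hashed part of the signature packet, octet for octet as listed in the
# message above: version 4, type 0x13, public-key algorithm 0x11, hash
# algorithm 0x02 (SHA-1), two-octet subpacket length 0x001E, subpackets.
SIG_HASHED = bytes.fromhex(
    "04131102001e"
    "050242956ed1" "021b03" "060b0908070302"
    "03150203" "03160201" "021e01" "021780"
)

# Constructed placeholders (assumptions): the thread gives only the sizes.
KEY_BODY = (bytes(range(256)) * 2)[:418]
USER_ID = (b"Constructed User <user@example.invalid>" + b" " * 40)[:40]


def old_format_body(packet):
    """Split an old-format packet into (tag, body).

    On the wire the length field is 1, 2 or 4 octets; the hash input uses
    fixed-width lengths instead, so only the body is carried over.
    """
    first = packet[0]
    if first & 0xC0 != 0x80:
        raise ValueError("not an old-format packet header")
    tag = (first >> 2) & 0x0F
    len_type = first & 0x03
    if len_type == 3:
        raise ValueError("indeterminate length is not handled here")
    n = 1 << len_type                      # 1, 2 or 4 length octets
    length = int.from_bytes(packet[1:1 + n], "big")
    body = packet[1 + n:1 + n + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body


def hash_parts(key_body, user_id, sig_hashed):
    """Return the labelled pieces of a V4 certification hash input, in order."""
    if len(key_body) > 0xFFFF:
        raise ValueError("key body does not fit a two-octet length")
    if len(sig_hashed) < 6 or sig_hashed[0] != 4:
        raise ValueError("not the hashed part of a V4 signature")
    (sub_len,) = struct.unpack(">H", sig_hashed[4:6])
    if 6 + sub_len != len(sig_hashed):
        raise ValueError("hashed subpacket length does not match the data")
    return [
        ("key header", b"\x99" + struct.pack(">H", len(key_body))),
        ("key body", key_body),
        # Always four length octets here, whatever the packet itself used.
        ("user id header", b"\xb4" + struct.pack(">I", len(user_id))),
        ("user id", user_id),
        ("signature data", sig_hashed),
        # Trailer: version, 0xFF, four-octet big-endian length of the
        # signature data only (version through end of hashed subpackets).
        ("trailer", b"\x04\xff" + struct.pack(">I", len(sig_hashed))),
    ]


def certification_hash_input(key_body, user_id, sig_hashed):
    return b"".join(piece for _, piece in hash_parts(key_body, user_id, sig_hashed))


def certification_digest(key_body, user_id, sig_hashed):
    return hashlib.sha1(certification_hash_input(key_body, user_id, sig_hashed)).digest()


def left16(digest):
    """The two octets compared against the 'left 16 bits' field of the signature."""
    return digest[:2]


if __name__ == "__main__":
    for label, piece in hash_parts(KEY_BODY, USER_ID, SIG_HASHED):
        shown = piece.hex() if len(piece) <= 48 else piece[:8].hex() + "..."
        print(f"{label:16} {len(piece):4} octets  {shown}")
    print("left 16 bits:", left16(certification_digest(KEY_BODY, USER_ID, SIG_HASHED)).hex())
```

Printing the labelled pieces gives the kind of octet-by-octet listing the proposed test vectors would contain; for the signature data above the trailer is 04 FF 00 00 00 24.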




From owner-ietf-openpgp@mail.imc.org  Mon May 30 08:28:29 2005
Message-ID: <429B03B3.1000904@algroup.co.uk>
Date: Mon, 30 May 2005 13:14:43 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Konrad Rosenbaum <konrad@silmor.de>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Stupid hash question?
References: <429ADAA4.4090803@algroup.co.uk> <39133.62.154.250.43.1117447828.squirrel@silmor.de>
In-Reply-To: <39133.62.154.250.43.1117447828.squirrel@silmor.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit


Konrad Rosenbaum wrote:
> Ben Laurie said:
> 
>>I've been working on signatures recently, and I'm puzzled. As I
>>understand it, the form of a decrypted signature is:
>>
>>01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>>
>>However, every signature I look at decrypts to:
>>
>>00 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>>
>>Before I hurt my head trying to figure out why, I wonder if there's
>>something obvious I missed?
> 
> 
> Hi Ben,
> 
> leading zeros can be left out while it is still a large integer. Eg. for
> RSA signatures it is pretty normal that the signature is a) one byte
> smaller than the RSA-n or b) contains a leading zero. This pretty much
> depends on your implementation of large integers. Or to give you an
> example in C:
> 
> It does not matter whether you assign
> int a=0x01;
> or:
> int a=0x000001;
> or.... whatever, it is still a "1".

I realise that, but if I do that, then I have one less FF than I (think)
I should have.

Cheers,

Ben.



From owner-ietf-openpgp@mail.imc.org  Mon May 30 08:37:35 2005
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ben@algroup.co.uk, konrad@silmor.de
Subject: Re: Stupid hash question?
Cc: ietf-openpgp@imc.org
In-Reply-To: <429B03B3.1000904@algroup.co.uk>
Message-Id: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>
Date: Tue, 31 May 2005 00:24:57 +1200


Ben Laurie <ben@algroup.co.uk> writes:

>I have one less FF than I (think) I should have.

You don't count the FF's, you just continue along them until you find a non-
FF.

Peter.



From owner-ietf-openpgp@mail.imc.org  Mon May 30 10:50:54 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA19785
	for <openpgp-archive@lists.ietf.org>; Mon, 30 May 2005 10:50:54 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UEatoT037853;
	Mon, 30 May 2005 07:36:55 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4UEat8Q037852;
	Mon, 30 May 2005 07:36:55 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UEapba037843
	for <ietf-openpgp@imc.org>; Mon, 30 May 2005 07:36:52 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 3407A33C2E;
	Mon, 30 May 2005 15:36:51 +0100 (BST)
Message-ID: <429B24FE.4030607@algroup.co.uk>
Date: Mon, 30 May 2005 15:36:46 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: konrad@silmor.de, ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>
In-Reply-To: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Peter Gutmann wrote:
> Ben Laurie <ben@algroup.co.uk> writes:
> 
> 
>>I have one less FF than I (think) I should have.
> 
> 
> You don't count the FF's, you just continue along them until you find a non-
> FF.

This is incorrect.

However, further research answers my own question and reveals a bug in
d-i-o-r-13. RFC 2437 specifies RSA signing in section 8.1.1 - and this
uses (for some reason, any idea why?) an EMSA-PKCS1-V1_5 encoding of
length k-1 (where k is the keylength in octets). I presume that OpenPGP
uses this algorithm. The I-D does not specify the length of the
encoding, which is a bug: it should either specify it is of length k-1
or refer to RFC 2437 8.1.1.

However, I'm still left with a question, since 2437 only specifies RSA
signatures. What lengths should be used with DSA and Elgamal?

Of course, since these will have to be specified, it would make more
sense to specify the length in the I-D than to refer to 2437 for it.

Cheers,

Ben.



From owner-ietf-openpgp@mail.imc.org  Mon May 30 12:12:40 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24995
	for <openpgp-archive@lists.ietf.org>; Mon, 30 May 2005 12:12:39 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UFwB51042714;
	Mon, 30 May 2005 08:58:11 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4UFwBNT042713;
	Mon, 30 May 2005 08:58:11 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtpc.itss.auckland.ac.nz (harpo.itss.auckland.ac.nz [130.216.190.13])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UFw9BZ042704
	for <ietf-openpgp@imc.org>; Mon, 30 May 2005 08:58:09 -0700 (PDT)
	(envelope-from pgut001@cs.auckland.ac.nz)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtpc.itss.auckland.ac.nz (Postfix) with ESMTP id 188EC34D69;
	Tue, 31 May 2005 03:58:08 +1200 (NZST)
Received: from smtpc.itss.auckland.ac.nz ([127.0.0.1])
 by localhost (smtpc.itss.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 16409-20; Tue, 31 May 2005 03:58:08 +1200 (NZST)
Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152])
	by smtpc.itss.auckland.ac.nz (Postfix) with ESMTP id F1C6134BB7;
	Tue, 31 May 2005 03:58:07 +1200 (NZST)
Received: from medusa01.cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33])
	by iris.cs.auckland.ac.nz (Postfix) with ESMTP
	id 9FB9237749; Tue, 31 May 2005 03:58:07 +1200 (NZST)
Received: from pgut001 by medusa01.cs.auckland.ac.nz with local (Exim 3.36 #1 (Debian))
	id 1Dcmec-0002ja-00; Tue, 31 May 2005 03:58:14 +1200
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ben@algroup.co.uk, pgut001@cs.auckland.ac.nz
Subject: Re: Stupid hash question?
Cc: ietf-openpgp@imc.org, konrad@silmor.de
In-Reply-To: <429B24FE.4030607@algroup.co.uk>
Message-Id: <E1Dcmec-0002ja-00@medusa01.cs.auckland.ac.nz>
Date: Tue, 31 May 2005 03:58:14 +1200
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Ben Laurie <ben@algroup.co.uk> writes:
>Peter Gutmann wrote:
>>You don't count the FF's, you just continue along them until you find a non-
>>FF.
>
>This is incorrect.

Since the data payload (i.e. the ASN.1 wrapper and hash) is variable-length
and not known in advance, how are you expecting to know in advance how many
FF's are present without walking along them until you find a non-FF?  ESP?
Magic?

Peter.



From owner-ietf-openpgp@mail.imc.org  Mon May 30 13:29:05 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA28730
	for <openpgp-archive@lists.ietf.org>; Mon, 30 May 2005 13:29:04 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UHFjbE047392;
	Mon, 30 May 2005 10:15:45 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4UHFjS0047391;
	Mon, 30 May 2005 10:15:45 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UHFikW047382
	for <ietf-openpgp@imc.org>; Mon, 30 May 2005 10:15:44 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id B9B0557E8C; Mon, 30 May 2005 09:25:51 -0700 (PDT)
To: ben@algroup.co.uk, ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
Message-Id: <20050530162551.B9B0557E8C@finney.org>
Date: Mon, 30 May 2005 09:25:51 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Ben Laurie writes:
> I've been working on signatures recently, and I'm puzzled. As I
> understand it, the form of a decrypted signature is:
>
> 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>
> However, every signature I look at decrypts to:
>
> 00 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>
> Before I hurt my head trying to figure out why, I wonder if there's
> something obvious I missed?


Actually if you look at PKCS-1 v1.5 you will find that in fact the
MSB is a 0 and the next byte is a 1 for signatures, a 2 for encryption.
Generally the MSB may not be a whole octet, depending on the size of
the modulus, so they put a zero there.

Hal Finney



From owner-ietf-openpgp@mail.imc.org  Mon May 30 14:38:33 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA03991
	for <openpgp-archive@lists.ietf.org>; Mon, 30 May 2005 14:38:33 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UIQO7A052375;
	Mon, 30 May 2005 11:26:24 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4UIQOLR052374;
	Mon, 30 May 2005 11:26:24 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UIQNBi052361
	for <ietf-openpgp@imc.org>; Mon, 30 May 2005 11:26:23 -0700 (PDT)
	(envelope-from konrad@silmor.de)
Received: from p54b3fa98.dip.t-dialin.net ([84.179.250.152] helo=zaphod.local)
	by p15139323.pureserver.info with asmtp (Exim 3.35 #1 (Debian))
	id 1Dcoxi-0001wv-00; Mon, 30 May 2005 20:26:06 +0200
From: Konrad Rosenbaum <konrad@silmor.de>
To: Ben Laurie <ben@algroup.co.uk>, ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
Date: Mon, 30 May 2005 20:25:55 +0200
User-Agent: KMail/1.8
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz> <429B24FE.4030607@algroup.co.uk>
In-Reply-To: <429B24FE.4030607@algroup.co.uk>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1252236.2FXAaGreal";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200505302025.59879@zaphod.konrad.silmor.de>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


--nextPart1252236.2FXAaGreal
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Monday 30 May 2005 16:36, Ben Laurie wrote:
> However, I'm still left with a question, since 2437 only specifies RSA
> signatures. What lengths should be used with DSA and Elgamal?

That's trivial: with DSA there is no such thing as an encoding length, since
the Hash is used directly and has to be of the correct length (with 1024
bit DSA you SHOULD use SHA-1, which is 160 bit wide, which (ohh wonder!)
matches the requirement of DSA).

Elgamal is also trivial: don't use it for signatures. It's insecure. (Or
rather: it is so hard to make it secure that it is not worth it.)



	Konrad

--nextPart1252236.2FXAaGreal--



From owner-ietf-openpgp@mail.imc.org  Tue May 31 04:03:09 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA15366
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 04:03:09 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V7sbNY068980;
	Tue, 31 May 2005 00:54:37 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4V7sbeI068979;
	Tue, 31 May 2005 00:54:37 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V7sZEP068962
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 00:54:36 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 3C8E133C2E;
	Tue, 31 May 2005 08:54:15 +0100 (BST)
Message-ID: <429C181B.2050003@algroup.co.uk>
Date: Tue, 31 May 2005 08:54:03 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Konrad Rosenbaum <konrad@silmor.de>
Cc: ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz> <429B24FE.4030607@algroup.co.uk> <200505302025.59879@zaphod.konrad.silmor.de>
In-Reply-To: <200505302025.59879@zaphod.konrad.silmor.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Konrad Rosenbaum wrote:
> On Monday 30 May 2005 16:36, Ben Laurie wrote:
> 
>>However, I'm still left with a question, since 2437 only specifies RSA
>>signatures. What lengths should be used with DSA and Elgamal?
> 
> 
> That's trivial: with DSA there is no such thing as an encoding length, since 
> the Hash is used directly and has to be of the correct length (with 1024 
> bit DSA you SHOULD use SHA-1, which is 160 bit wide, which (ohh wonder!) 
> matches the requirement of DSA).
> 
> Elgamal is also trivial: don't use it for signatures. It's insecure. (Or 
> rather: it is so hard to make it secure that it is not worth it.)

As I have previously stated, my keyring contains Elgamal signatures. I'm
sure I'm not alone in this. I want to be able to check them. I think it's
fine to deprecate them, but refusing to describe them is just annoying.

Cheers,

Ben.



From owner-ietf-openpgp@mail.imc.org  Tue May 31 04:03:30 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA15421
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 04:03:29 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V7mu76067076;
	Tue, 31 May 2005 00:48:56 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4V7mub8067075;
	Tue, 31 May 2005 00:48:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V7msHj067056
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 00:48:55 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id A93C233C33;
	Tue, 31 May 2005 08:48:52 +0100 (BST)
Message-ID: <429C16DF.9060908@algroup.co.uk>
Date: Tue, 31 May 2005 08:48:47 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: ietf-openpgp@imc.org, konrad@silmor.de
Subject: Re: Stupid hash question?
References: <E1Dcmec-0002ja-00@medusa01.cs.auckland.ac.nz>
In-Reply-To: <E1Dcmec-0002ja-00@medusa01.cs.auckland.ac.nz>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Peter Gutmann wrote:
> Ben Laurie <ben@algroup.co.uk> writes:
> 
>>Peter Gutmann wrote:
>>
>>>You don't count the FF's, you just continue along them until you find a non-
>>>FF.
>>
>>This is incorrect.
> 
> 
> Since the data payload (i.e. the ASN.1 wrapper and hash) is variable-length
> and not known in advance, how are you expecting to know in advance how many
> FF's are present without walking along them until you find a non-FF?  ESP?
> Magic?

It is known in advance.

Cheers,

Ben.



From owner-ietf-openpgp@mail.imc.org  Tue May 31 04:13:08 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA15880
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 04:13:07 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V810FT071339;
	Tue, 31 May 2005 01:01:00 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4V810Sw071338;
	Tue, 31 May 2005 01:01:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V80vB8071294
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 01:00:58 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 2465833C33;
	Tue, 31 May 2005 09:00:55 +0100 (BST)
Message-ID: <429C19B2.9040506@algroup.co.uk>
Date: Tue, 31 May 2005 09:00:50 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
References: <20050530162551.B9B0557E8C@finney.org>
In-Reply-To: <20050530162551.B9B0557E8C@finney.org>
Content-Type: text/plain; charset=GB2312
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Hal Finney wrote:
> Ben Laurie writes:
> 
>>I've been working on signatures recently, and I'm puzzled. As I
>>understand it, the form of a decrypted signature is:
>>
>>01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>>
>>However, every signature I look at decrypts to:
>>
>>00 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>>
>>Before I hurt my head trying to figure out why, I wonder if there's
>>something obvious I missed?
> 
> 
> 
> Actually if you look at PKCS-1 v1.5 you will find that in fact the
> MSB is a 0 and the next byte is a 1 for signatures, a 2 for encryption.
> Generally the MSB may not be a whole octet, depending on the size of
> the modulus, so they put a zero there.

This is true, as I said elsewhere - but the I-D does not refer to the
place where you are told this.

As an incidental cryptographic query - it seems to me that merely not
having the top bit set should be sufficient to ensure that the MSB is
not too large, so it isn't clear to me (given that the first byte is 1)
why an extra byte of padding is deemed necessary. Did I miss something?

Cheers,

Ben.
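
Added example (not part of any message in this thread and not code from any OpenPGP implementation): the block layout discussed above, showing that the number of FF octets is fixed once the modulus length k and the hash are known, and that the k-octet "00 01 ..." form and the (k-1)-octet "01 ..." form of RFC 2437 8.1.1 are the same integer. The function names are hypothetical, the sample message is constructed, and the DigestInfo prefixes are the standard DER values for SHA-1 and SHA-256 as listed in RFC 3447, the successor to RFC 2437.

```python
"""EMSA-PKCS1-v1_5 block layout for RSA signatures (added illustration)."""
import hashlib

# DER DigestInfo prefixes (the "ASN.1 nonsense" of the thread) for two hashes.
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def digest_info(hash_name: str, message: bytes) -> bytes:
    """Return T = DER prefix || hash(message)."""
    return DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()


def ff_count(k: int, hash_name: str) -> int:
    """Number of FF octets for a k-octet modulus.

    The block is 00 01 PS 00 T, so len(PS) = k - 3 - len(T). PKCS #1
    requires at least 8 padding octets.
    """
    t_len = len(DIGEST_INFO_PREFIX[hash_name]) + hashlib.new(hash_name).digest_size
    n = k - 3 - t_len
    if n < 8:
        raise ValueError("modulus too short for this hash")
    return n


def encode_block(hash_name: str, message: bytes, k: int) -> bytes:
    """Full k-octet block: 00 01 FF..FF 00 T."""
    padding = b"\xff" * ff_count(k, hash_name)
    return b"\x00\x01" + padding + b"\x00" + digest_info(hash_name, message)


def encode_rfc2437(hash_name: str, message: bytes, k: int) -> bytes:
    """RFC 2437 8.1.1 form: the same block without the leading 00 (length k-1)."""
    return encode_block(hash_name, message, k)[1:]


def strict_check(recovered: int, hash_name: str, message: bytes, k: int) -> bool:
    """Encode-and-compare: rebuild the expected block and compare as integers.

    `recovered` is the integer s^e mod n obtained from the signature.
    """
    return recovered == int.from_bytes(encode_block(hash_name, message, k), "big")


def walk_ff(block: bytes):
    """Lenient parse: skip an optional 00, require 01, walk FFs to the 00.

    Returns (number of FF octets seen, payload after the separator). It does
    not check the FF count or the total length; that is the caller's job.
    """
    i = 1 if block[:1] == b"\x00" else 0
    if block[i:i + 1] != b"\x01":
        raise ValueError("block type is not 01")
    i += 1
    start = i
    while i < len(block) and block[i] == 0xFF:
        i += 1
    if i >= len(block) or block[i] != 0x00:
        raise ValueError("no 00 separator after padding")
    return i - start, block[i + 1:]


if __name__ == "__main__":
    msg = b"constructed sample message"      # constructed input
    k = 128                                  # 1024-bit modulus
    full = encode_block("sha1", msg, k)
    print("FF octets for k=128, SHA-1:", ff_count(k, "sha1"))
    print("k-octet form starts:  ", full[:4].hex())
    print("k-1-octet form starts:", encode_rfc2437("sha1", msg, k)[:4].hex())

    # A constructed block with one FF too few: the walker still finds T,
    # but the encode-and-compare check rejects it.
    t = digest_info("sha1", msg)
    short = b"\x00\x01" + b"\xff" * (ff_count(k, "sha1") - 1) + b"\x00" + t
    print("walker on short block:", walk_ff(short)[0], "FFs, payload matches:",
          walk_ff(short)[1] == t)
    print("strict check on short block:",
          strict_check(int.from_bytes(short, "big"), "sha1", msg, k))
```

Reading a (k-1)-octet "01 FF ..." layout as if it were k octets long gives k - 2 - len(T) padding octets, one more than the k - 3 - len(T) actually present.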



From owner-ietf-openpgp@mail.imc.org  Tue May 31 04:59:53 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA19089
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 04:59:53 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V8qLXO090084;
	Tue, 31 May 2005 01:52:21 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4V8qLxF090083;
	Tue, 31 May 2005 01:52:21 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V8qKVR090043
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 01:52:20 -0700 (PDT)
	(envelope-from konrad@silmor.de)
Received: from localhost
	([127.0.0.1] helo=silmor.de ident=www-data)
	by p15139323.pureserver.info with esmtp (Exim 3.35 #1 (Debian))
	id 1Dd2Tj-0003gF-00; Tue, 31 May 2005 10:52:03 +0200
Received: from 62.154.250.43
        (SquirrelMail authenticated user konrad)
        by silmor.de with HTTP;
        Tue, 31 May 2005 10:52:03 +0200 (CEST)
Message-ID: <22225.62.154.250.43.1117529523.squirrel@silmor.de>
In-Reply-To: <429C181B.2050003@algroup.co.uk>
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>
    <429B24FE.4030607@algroup.co.uk>
    <200505302025.59879@zaphod.konrad.silmor.de>
    <429C181B.2050003@algroup.co.uk>
Date: Tue, 31 May 2005 10:52:03 +0200 (CEST)
Subject: Re: Stupid hash question?
From: "Konrad Rosenbaum" <konrad@silmor.de>
To: "Ben Laurie" <ben@algroup.co.uk>
Cc: ietf-openpgp@imc.org
User-Agent: SquirrelMail/1.4.4
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Ben Laurie said:
> As I have previously stated, my keyring contains Elgamal signatures. I'm
> sure I'm not alone in this. I want to be able to check them. I think it's
> fine to deprecate them, but refusing to describe them is just annoying.

As far as I recall it is PKCS#1-v1.5 - just like RSA.

However, these signatures are not worth anything, since they leak the key
and are easily forgeable after the first signature. So bothering with
verifying them is nonsense in my opinion. Cryptographically an Elgamal
signature on something tells you as much about that something as a coffee
stain on a printout of it.


    Konrad



From owner-ietf-openpgp@mail.imc.org  Tue May 31 05:32:05 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA21327
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 05:32:04 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V9GbLE098517;
	Tue, 31 May 2005 02:16:37 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4V9GbXX098516;
	Tue, 31 May 2005 02:16:37 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V9GajE098502
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 02:16:37 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 93E1633C33;
	Tue, 31 May 2005 10:16:36 +0100 (BST)
Message-ID: <429C2B6F.2070803@algroup.co.uk>
Date: Tue, 31 May 2005 10:16:31 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Konrad Rosenbaum <konrad@silmor.de>
Cc: ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>    <429B24FE.4030607@algroup.co.uk>    <200505302025.59879@zaphod.konrad.silmor.de>    <429C181B.2050003@algroup.co.uk> <22225.62.154.250.43.1117529523.squirrel@silmor.de>
In-Reply-To: <22225.62.154.250.43.1117529523.squirrel@silmor.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Konrad Rosenbaum wrote:
> Ben Laurie said:
> 
>>As I have previously stated, my keyring contains Elgamal signatures. I'm
>>sure I'm not alone in this. I want to be able to check them. I think it's
>>fine to deprecate them, but refusing to describe them is just annoying.
> 
> 
> As far as I recall it is PKCS#1-v1.5 - just like RSA.
> 
> However, these signatures are not worth anything, since they leak the key
> and are easily forgeable after the first signature. So bothering with
> verifying them is nonsense in my opinion. Cryptographically an Elgamal
> signature on something tells you as much about that something as a coffee
> stain on a printout of it.

This is a reason to deprecate them, not a reason not to describe them.



From owner-ietf-openpgp@mail.imc.org  Tue May 31 06:24:20 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA25294
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 06:24:19 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VA7ZvC016659;
	Tue, 31 May 2005 03:07:35 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4VA7ZXX016658;
	Tue, 31 May 2005 03:07:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VA7YVT016639
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 03:07:34 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Tue, 31 May 2005 03:07:31 -0700
Received: from [172.16.1.3] ([194.72.144.117])
  by keys.merrymeet.com (PGP Universal service);
  Tue, 31 May 2005 03:07:30 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Tue, 31 May 2005 03:07:30 -0700
In-Reply-To: <429C2B6F.2070803@algroup.co.uk>
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>    <429B24FE.4030607@algroup.co.uk>    <200505302025.59879@zaphod.konrad.silmor.de>    <429C181B.2050003@algroup.co.uk> <22225.62.154.250.43.1117529523.squirrel@silmor.de> <429C2B6F.2070803@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <a34eb10265a8aaa1eb9bd35ab7b36c55@callas.org>
Content-Transfer-Encoding: 7bit
Cc: Konrad Rosenbaum <konrad@silmor.de>, ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Stupid hash question?
Date: Tue, 31 May 2005 03:07:28 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On 31 May 2005, at 2:16 AM, Ben Laurie wrote:

>
> This is a reason to deprecate them, not a reason not to describe them.
>
>

They're more than deprecated, they're disallowed. All of the keys have 
been declared invalid. The documents don't say you MUST or even SHOULD 
consider them all broken, but no one would bat an eyelash if you did.

Nonetheless, if you wanted to look inside one anyway, a lawyerly 
reading of the document doesn't disallow it.

I believe Konrad Rosenbaum is correct, that it's a PKCS1/1.5 content. 
The GnuPG guys would be best to comment, as they're the only ones who 
ever implemented them.

	Jon



From owner-ietf-openpgp@mail.imc.org  Tue May 31 07:56:02 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA02549
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 07:56:02 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VBeOSF050291;
	Tue, 31 May 2005 04:40:24 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4VBeOVu050290;
	Tue, 31 May 2005 04:40:24 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VBeLlf050265
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 04:40:22 -0700 (PDT)
	(envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.34 #1 (Debian))
	id 1Dd4VK-0007ic-2m
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 13:01:50 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian))
	id 1Dd52v-00011K-58; Tue, 31 May 2005 13:36:33 +0200
To: Jon Callas <jon@callas.org>
Cc: Ben Laurie <ben@algroup.co.uk>, Konrad Rosenbaum <konrad@silmor.de>,
        ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>
	<429B24FE.4030607@algroup.co.uk>
	<200505302025.59879@zaphod.konrad.silmor.de>
	<429C181B.2050003@algroup.co.uk>
	<22225.62.154.250.43.1117529523.squirrel@silmor.de>
	<429C2B6F.2070803@algroup.co.uk>
	<a34eb10265a8aaa1eb9bd35ab7b36c55@callas.org>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Tue, 31 May 2005 13:36:33 +0200
In-Reply-To: <a34eb10265a8aaa1eb9bd35ab7b36c55@callas.org> (Jon Callas's
 message of "Tue, 31 May 2005 03:07:28 -0700")
Message-ID: <877jhf630e.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Tue, 31 May 2005 03:07:28 -0700, Jon Callas said:

> I believe Konrad Rosenbaum is correct, that it's a PKCS1/1.5
> content. The GnuPG guys would be best to comment, as they're the only
> ones who ever implemented them.

Frankly, I don't know this anymore because we have removed all Elgamal
signature code from GnuPG.  Old versions are still available and it
should be easy to figure out the format.


Shalom-Salam,

   Werner




From owner-ietf-openpgp@mail.imc.org  Tue May 31 08:40:14 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA05642
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 08:40:13 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VCQ9dw065718;
	Tue, 31 May 2005 05:26:09 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4VCQ9e5065717;
	Tue, 31 May 2005 05:26:09 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VCQ84L065706
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 05:26:08 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from localhost (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 9BF9E51BB9;
	Tue, 31 May 2005 13:26:06 +0100 (BST)
From: Ian G <iang@systemics.com>
To: "Konrad Rosenbaum" <konrad@silmor.de>
Subject: Re: Stupid hash question?
Date: Tue, 31 May 2005 13:24:50 +0100
User-Agent: KMail/1.8
Cc: "Ben Laurie" <ben@algroup.co.uk>, ietf-openpgp@imc.org
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz> <429C181B.2050003@algroup.co.uk> <22225.62.154.250.43.1117529523.squirrel@silmor.de>
In-Reply-To: <22225.62.154.250.43.1117529523.squirrel@silmor.de>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200505311324.55525.iang@systemics.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On Tuesday 31 May 2005 09:52, Konrad Rosenbaum wrote:
> Ben Laurie said:
> > As I have previously stated, my keyring contains Elgamal signatures. I'm
> > sure I'm not alone in this. I want to be able to check them. I think it's
> > fine to deprecate them, but refusing to describe them is just annoying.
>
> As far as I recall it is PKCS#1-v1.5 - just like RSA.
>
> However, these signatures are not worth anything, since they leak the key
> and are easily forgeable after the first signature. So bothering with
> verifying them is nonsense in my opinion. Cryptographically an Elgamal
> signature on something tells you as much about that something as a coffee
> stain on a printout of it.


If they are as dangerous as you say - "leak the key" and "forgeable" -
then perhaps they should be more than deprecated, they should be
marked as "SHOULD NOT be verified and should be marked in some
negative fashion to indicate broken tech to the user" ?

Just because something exists is not a sufficient argument for including
it in the ID.  If we are of the opinion that something should not be
done and not be promulgated then leaving it out and marking the
allocated numbers as "reserved" should be sufficient.  A standard is
a document describing what we want people to do, not what we want
people not to do.

iang
-- 
Advances in Financial Cryptography:
   https://www.financialcryptography.com/mt/archives/000458.html



From owner-ietf-openpgp@mail.imc.org  Tue May 31 09:06:31 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA07328
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 09:06:30 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VCtNKg076008;
	Tue, 31 May 2005 05:55:23 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4VCtNfF076007;
	Tue, 31 May 2005 05:55:23 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VCtMr0075993
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 05:55:22 -0700 (PDT)
	(envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.34 #1 (Debian))
	id 1Dd5ft-0000pC-C3
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 14:16:49 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian))
	id 1Dd6Ct-0003MJ-5j; Tue, 31 May 2005 14:50:55 +0200
To: "Konrad Rosenbaum" <konrad@silmor.de>
Cc: "Ben Laurie" <ben@algroup.co.uk>, ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>
	<429B24FE.4030607@algroup.co.uk>
	<200505302025.59879@zaphod.konrad.silmor.de>
	<429C181B.2050003@algroup.co.uk>
	<22225.62.154.250.43.1117529523.squirrel@silmor.de>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Tue, 31 May 2005 14:50:55 +0200
In-Reply-To: <22225.62.154.250.43.1117529523.squirrel@silmor.de> (Konrad
 Rosenbaum's message of "Tue, 31 May 2005 10:52:03 +0200 (CEST)")
Message-ID: <87y89v4l00.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Tue, 31 May 2005 10:52:03 +0200 (CEST), Konrad Rosenbaum said:

> However, these signatures are not worth anything, since they leak the key
> and are easily forgeable after the first signature. So bothering with

That is not correct.  They leak the key only when used with broken
software or when the key has been created with such software.  Certain
versions of GnuPG (1.0.2 - 1.3.3) were broken and thus one should
better assume that the key has been broken. See
http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000160.html for
details.


Salam-Shalom,

   Werner




From owner-ietf-openpgp@mail.imc.org  Tue May 31 12:53:49 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA25145
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 12:53:49 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VGf3H4098360;
	Tue, 31 May 2005 09:41:03 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4VGf3JU098359;
	Tue, 31 May 2005 09:41:03 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VGf3ZD098352
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 09:41:03 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id 3EA9557E8C; Tue, 31 May 2005 08:51:13 -0700 (PDT)
To: hal@finney.org, ietf-openpgp@imc.org, spider-41@hotmail.com
Subject: Re: Problems with calculating signatures over keys
Message-Id: <20050531155113.3EA9557E8C@finney.org>
Date: Tue, 31 May 2005 08:51:13 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


I sent Kimmo private mail from on the road showing a problem:

> Thanks for the clarification, but I still can't get the right results. I 
> tried to calculate like this:
>
> SHA1(0x99 (public key tag)+ 0x01 + 0xA2 (key length) + Key packet (418 
> bytes) + 0xB4 (user id tag) + 0x00 + 0x00 + 0x00 + 0x28 (user id length) + 
> User Id packet (40 bytes) + 0x04 + 0x13 + 0x11 + 0x02 + 0x00 + 0x1E + 0x05 + 
> 0x02 + 0x42 + 0x95 + 0x6E + 0xD1 + 0x02 + 0x1B + 0x03 + 0x06 + 0x0B + 0x09 + 
> 0x08 + 0x07 + 0x03 + 0x02 + 0x03 + 0x15 + 0x02 + 0x03 + 0x03 + 0x16 + 0x02 + 
> 0x01 + 0x02 + 0x1E + 0x01 + 0x02 + 0x17 + 0x80 + Trailer: 0x04 + 0xFF + 0x24 
> (big endian length of hashed data from the sign. packet) + 0x00 + 0x00 + 
> 0x00)

The last four bytes should be 00 00 00 24 not 24 00 00 00.  It is supposed
to be the length of hashed data from the signature packet, which is hex
24, in four octet big-endian form.  He sent back that this fixed the
problem.

I do like the idea of an "implementation examples" document but I am not
sure I am the right person to do it, due to time demands.  I'll talk to
the management at work and see if this is something that I or someone
else could get some time to prepare in the next few weeks or months.

Hal Finney
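
The hash input discussed in the message above, assembled in Python as an added example (not code from the message or from any OpenPGP implementation). The hashed signature bytes are the ones quoted in the message; the 418-byte key body and 40-byte user ID are constructed placeholders, and all function names are hypothetical.

```python
import hashlib
import struct

# Hashed part of the signature packet, byte for byte as quoted in the message.
SIG_HASHED = bytes.fromhex(
    "04 13 11 02 00 1E "      # version 4, sig type 0x13, pubkey algo 0x11, hash algo 0x02, 0x001E subpacket octets
    "05 02 42 95 6E D1 "      # subpacket type 2
    "02 1B 03 "               # subpacket type 27
    "06 0B 09 08 07 03 02 "   # subpacket type 11
    "03 15 02 03 "            # subpacket type 21
    "03 16 02 01 "            # subpacket type 22
    "02 1E 01 "               # subpacket type 30
    "02 17 80"                # subpacket type 23
)

# Constructed stand-ins with the lengths given in the message (0x01A2 and 0x28).
KEY_BODY = bytes(418)
USER_ID = b"Example User <user@example.invalid>".ljust(40)


def v4_trailer(hashed_len: int) -> bytes:
    """0x04 0xFF followed by the hashed-data length as four big-endian octets."""
    return b"\x04\xff" + struct.pack(">I", hashed_len)


def check_hashed_part(sig_hashed: bytes) -> list:
    """Validate the v4 hashed area and return the subpacket types in order."""
    if len(sig_hashed) < 6 or sig_hashed[0] != 4:
        raise ValueError("not a version 4 hashed signature area")
    (sub_len,) = struct.unpack(">H", sig_hashed[4:6])
    if len(sig_hashed) != 6 + sub_len:
        raise ValueError("subpacket length field does not match the data")
    types, pos = [], 6
    while pos < len(sig_hashed):
        n = sig_hashed[pos]               # one-octet length, counts the type octet
        if n == 0 or n >= 192:
            raise ValueError("only one-octet subpacket lengths are handled here")
        if pos + 1 + n > len(sig_hashed):
            raise ValueError("subpacket runs past the hashed area")
        types.append(sig_hashed[pos + 1] & 0x7F)   # strip the critical bit
        pos += 1 + n
    return types


def certification_hash_input(key_body: bytes, user_id: bytes, sig_hashed: bytes) -> bytes:
    """Octets fed to the hash for a v4 certification of user_id on the key."""
    check_hashed_part(sig_hashed)
    return b"".join([
        b"\x99", struct.pack(">H", len(key_body)), key_body,   # key: two-octet length
        b"\xb4", struct.pack(">I", len(user_id)), user_id,     # user ID: four-octet length
        sig_hashed,
        v4_trailer(len(sig_hashed)),
    ])


def certification_digest(key_body: bytes, user_id: bytes, sig_hashed: bytes) -> bytes:
    """SHA-1 over the assembled input (hash algorithm 0x02 in the quoted data)."""
    return hashlib.sha1(certification_hash_input(key_body, user_id, sig_hashed)).digest()


if __name__ == "__main__":
    data = certification_hash_input(KEY_BODY, USER_ID, SIG_HASHED)
    print("trailer:", data[-6:].hex(" "))
    print("digest :", certification_digest(KEY_BODY, USER_ID, SIG_HASHED).hex())
```

Taking the length from `len(sig_hashed)` and packing it with `">I"` avoids the byte-order slip described in the message, and the length check rejects a hashed area whose subpacket count field disagrees with the data.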



From owner-ietf-openpgp@mail.imc.org  Tue May 31 13:14:10 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA26267
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 13:14:09 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VH0ueq099630;
	Tue, 31 May 2005 10:00:56 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4VH0uK3099629;
	Tue, 31 May 2005 10:00:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VH0tDb099622
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 10:00:55 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id DC00C57E8C; Tue, 31 May 2005 09:11:05 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
Message-Id: <20050531161105.DC00C57E8C@finney.org>
Date: Tue, 31 May 2005 09:11:05 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Ben Laurie writes:
> This is true, as I said elsewhere - but the I-D does not refer to the
> place where you are told this.

Yes, perhaps section 8.1 of RFC 2437 would be a better place to link to.
Although that describes more than just padding...

> As an incidental cryptographic query - it seems to me that merely not
> having the top bit set should be sufficient to ensure that the MSB is
> not too large, so it isn't clear to me (given that the first byte is 1)
> why an extra byte of padding is deemed necessary. Did I miss something?

If the modulus started off 0x01 0x00... then padding as 0x01 0xFF...
would not be guaranteed to be smaller than the modulus.

Also, there are two padding versions, one with a type of 0x01 for
signatures, and one with a type of 0x02 for encryption, and the 0x02
version would be even more problematic if the 2 were put into the MSByte.
Making an MSB of zero solves both problems.

They could have done it bit-oriented and pushed the 1/2 type information
a few bits further to the left, but byte-oriented padding is generally
simpler to implement.

Hal
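
The size argument from the message above, worked through in Python as an added example (not code from the message or from any PKCS #1 implementation). The two 64-octet moduli are constructed stand-ins chosen only for their leading octets, not real RSA moduli, and the `leading_zero=False` form is a hypothetical variant used to show what the extra octet prevents.

```python
import hashlib
import secrets

# DER prefix of the SHA-1 DigestInfo from PKCS #1; the 20-octet digest follows it.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

K = 64  # modulus length in octets for this example

# Constructed values for size comparison only (not products of two primes).
N_LOW = int.from_bytes(b"\x01" + bytes(K - 2) + b"\x01", "big")    # starts 0x01 0x00 ...
N_HIGH = int.from_bytes(b"\xc3" + bytes(K - 2) + b"\x01", "big")   # starts 0xC3 ...


def pad_block(block_type: int, payload: bytes, k: int, leading_zero: bool = True) -> bytes:
    """Byte-oriented PKCS #1 v1.5 padding to exactly k octets.

    block_type 1 (signatures) pads with 0xFF, block_type 2 (encryption) with
    random non-zero octets. leading_zero=False drops the initial 0x00 octet.
    """
    head = (b"\x00" if leading_zero else b"") + bytes([block_type])
    ps_len = k - len(head) - 1 - len(payload)
    if ps_len < 8:
        raise ValueError("modulus too short for this payload")
    if block_type == 1:
        ps = b"\xff" * ps_len
    elif block_type == 2:
        ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    else:
        raise ValueError("block type must be 1 or 2")
    return head + ps + b"\x00" + payload


def fits_below(block: bytes, n: int) -> bool:
    """True when the block, read as a big-endian integer, is smaller than n."""
    return int.from_bytes(block, "big") < n


def survey(payload: bytes) -> dict:
    """Compare both block types, with and without the zero octet, against both moduli."""
    out = {}
    for name, n in (("N_LOW", N_LOW), ("N_HIGH", N_HIGH)):
        for bt in (1, 2):
            for lz in (True, False):
                block = pad_block(bt, payload, K, leading_zero=lz)
                out[(name, bt, lz)] = fits_below(block, n)
    return out


DIGEST_INFO = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(b"constructed message").digest()

if __name__ == "__main__":
    for (name, bt, lz), ok in survey(DIGEST_INFO).items():
        print(f"{name} type {bt} leading_zero={lz}: {'fits' if ok else 'too large'}")
```

With the zero octet the block is always below any k-octet modulus; without it, the type 1 block fits under `N_HIGH` only because of that modulus's leading octet and fails under `N_LOW`.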



From owner-ietf-openpgp@mail.imc.org  Tue May 31 14:39:34 2005
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA06579
	for <openpgp-archive@lists.ietf.org>; Tue, 31 May 2005 14:39:33 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VIMKGS005274;
	Tue, 31 May 2005 11:22:20 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j4VIMKkK005273;
	Tue, 31 May 2005 11:22:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VIMKT6005260
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 11:22:20 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70])
          by comcast.net (rwcrmhc12) with ESMTP
          id <20050531182204014003lkqee>; Tue, 31 May 2005 18:22:14 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28])
	by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j4VIM4o5010053
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 14:22:04 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1])
	by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j4VIM2qq002599
	for <ietf-openpgp@imc.org>; Tue, 31 May 2005 14:22:02 -0400
Received: (from dshaw@localhost)
	by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j4VIM2AI002598
	for ietf-openpgp@imc.org; Tue, 31 May 2005 14:22:02 -0400
Date: Tue, 31 May 2005 14:22:02 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Elgamal Signatures?
Message-ID: <20050531182202.GA2527@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <429460FD.4090807@algroup.co.uk> <20050527203101.GA27418@jabberwocky.com> <4298D923.1040803@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4298D923.1040803@algroup.co.uk>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Sat, May 28, 2005 at 09:48:35PM +0100, Ben Laurie wrote:
> 
> David Shaw wrote:
> >On Wed, May 25, 2005 at 12:26:53PM +0100, Ben Laurie wrote:
> >
> >>I realise they're deprecated, but I still need to know the format. Where
> >>can I find it? Should it be in the RFC?
> >>
> >>The problem being, of course, that things exist out there that use them.
> >
> >
> >I don't think it should be in the RFC.  The new RFC does not permit
> >Elgamal signatures, so putting it in there serves little purpose.
> >2440 will continue to exist once the new RFC is out, so anyone looking
> >for 2440-specific formats can look there.
> 
> They aren't in 2440 either. Or I missed something.

Indeed, much to my surprise, they're not in 2440.  I thought I had
seen them in there.

To me this is another reason to not put them in the new RFC.  They
were underspecified in 2440, and they're verboten in 2440bis.
Specifying something that is not permitted now, and was not fully
specified in the past seems odd to me.

The format that GnuPG used (past tense) is similar to RSA in the PKCS
encoding.  If you look at the sign() function in
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/*checkout*/gnupg/cipher/elgamal.c?content-type=text%2Fplain&rev=1.35
you can see exactly what is done.  MPI a and b in that function are
the two MPIs that wind up in the Elgamal signature packet.

David




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VA7ZvC016659; Tue, 31 May 2005 03:07:35 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4VA7ZXX016658; Tue, 31 May 2005 03:07:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4VA7YVT016639 for <ietf-openpgp@imc.org>; Tue, 31 May 2005 03:07:34 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Tue, 31 May 2005 03:07:31 -0700
Received: from [172.16.1.3] ([194.72.144.117]) by keys.merrymeet.com (PGP Universal service); Tue, 31 May 2005 03:07:30 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 31 May 2005 03:07:30 -0700
In-Reply-To: <429C2B6F.2070803@algroup.co.uk>
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>    <429B24FE.4030607@algroup.co.uk>    <200505302025.59879@zaphod.konrad.silmor.de>    <429C181B.2050003@algroup.co.uk> <22225.62.154.250.43.1117529523.squirrel@silmor.de> <429C2B6F.2070803@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <a34eb10265a8aaa1eb9bd35ab7b36c55@callas.org>
Content-Transfer-Encoding: 7bit
Cc: Konrad Rosenbaum <konrad@silmor.de>, ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Stupid hash question?
Date: Tue, 31 May 2005 03:07:28 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 31 May 2005, at 2:16 AM, Ben Laurie wrote:

>
> This is a reason to deprecate them, not a reason not to describe them.
>
>

They're more than deprecated, they're disallowed. All of the keys have 
been declared invalid. The documents don't say you MUST or even SHOULD 
consider them all broken, but no one would bat an eyelash if you did.

Nonetheless, if you wanted to look inside one anyway, a lawyerly 
reading of the document doesn't disallow it.

I believe Konrad Rosenbaum is correct, that it's a PKCS1/1.5 content. 
The GnuPG guys would be best to comment, as they're the only ones who 
ever implemented them.

	Jon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V9GbLE098517; Tue, 31 May 2005 02:16:37 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4V9GbXX098516; Tue, 31 May 2005 02:16:37 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V9GajE098502 for <ietf-openpgp@imc.org>; Tue, 31 May 2005 02:16:37 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 93E1633C33; Tue, 31 May 2005 10:16:36 +0100 (BST)
Message-ID: <429C2B6F.2070803@algroup.co.uk>
Date: Tue, 31 May 2005 10:16:31 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Konrad Rosenbaum <konrad@silmor.de>
Cc: ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>    <429B24FE.4030607@algroup.co.uk>    <200505302025.59879@zaphod.konrad.silmor.de>    <429C181B.2050003@algroup.co.uk> <22225.62.154.250.43.1117529523.squirrel@silmor.de>
In-Reply-To: <22225.62.154.250.43.1117529523.squirrel@silmor.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Konrad Rosenbaum wrote:
> Ben Laurie said:
> 
>>As I have previously stated, my keyring contains Elgamal signatures. I'm
>>sure I'm not alone in this. I want to be able to check them. I think it's
>>fine to deprecate them, but refusing to describe them is just annoying.
> 
> 
> As far as I recall it is PKCS#1-v1.5 - just like RSA.
> 
> However, these signatures are not worth anything, since they leak the key
> and are easily forgeable after the first signature. So bothering with
> verifying them is nonsense in my opinion. Cryptographically an Elgamal
> signature on something tells you as much about that something as a coffee
> stain on a printout of it.

This is a reason to deprecate them, not a reason not to describe them.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V8qLXO090084; Tue, 31 May 2005 01:52:21 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4V8qLxF090083; Tue, 31 May 2005 01:52:21 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V8qKVR090043 for <ietf-openpgp@imc.org>; Tue, 31 May 2005 01:52:20 -0700 (PDT) (envelope-from konrad@silmor.de)
Received: from localhost ([127.0.0.1] helo=silmor.de ident=www-data) by p15139323.pureserver.info with esmtp (Exim 3.35 #1 (Debian)) id 1Dd2Tj-0003gF-00; Tue, 31 May 2005 10:52:03 +0200
Received: from 62.154.250.43 (SquirrelMail authenticated user konrad) by silmor.de with HTTP; Tue, 31 May 2005 10:52:03 +0200 (CEST)
Message-ID: <22225.62.154.250.43.1117529523.squirrel@silmor.de>
In-Reply-To: <429C181B.2050003@algroup.co.uk>
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz> <429B24FE.4030607@algroup.co.uk> <200505302025.59879@zaphod.konrad.silmor.de> <429C181B.2050003@algroup.co.uk>
Date: Tue, 31 May 2005 10:52:03 +0200 (CEST)
Subject: Re: Stupid hash question?
From: "Konrad Rosenbaum" <konrad@silmor.de>
To: "Ben Laurie" <ben@algroup.co.uk>
Cc: ietf-openpgp@imc.org
User-Agent: SquirrelMail/1.4.4
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Ben Laurie said:
> As I have previously stated, my keyring contains Elgamal signatures. I'm
> sure I'm not alone in this. I want to be able to check them. I think it's
> fine to deprecate them, but refusing to describe them is just annoying.

As far as I recall it is PKCS#1-v1.5 - just like RSA.

However, these signatures are not worth anything, since they leak the key
and are easily forgeable after the first signature. So bothering with
verifying them is nonsense in my opinion. Cryptographically an Elgamal
signature on something tells you as much about that something as a coffee
stain on a printout of it.


    Konrad



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V810FT071339; Tue, 31 May 2005 01:01:00 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4V810Sw071338; Tue, 31 May 2005 01:01:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V80vB8071294 for <ietf-openpgp@imc.org>; Tue, 31 May 2005 01:00:58 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 2465833C33; Tue, 31 May 2005 09:00:55 +0100 (BST)
Message-ID: <429C19B2.9040506@algroup.co.uk>
Date: Tue, 31 May 2005 09:00:50 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
References: <20050530162551.B9B0557E8C@finney.org>
In-Reply-To: <20050530162551.B9B0557E8C@finney.org>
Content-Type: text/plain; charset=GB2312
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hal Finney wrote:
> Ben Laurie writes:
> 
>>I've been working on signatures recently, and I'm puzzled. As I
>>understand it, the form of a decrypted signature is:
>>
>>01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>>
>>However, every signature I look at decrypts to:
>>
>>00 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>>
>>Before I hurt my head trying to figure out why, I wonder if there's
>>something obvious I missed?
> 
> 
> 
> Actually if you look at PKCS-1 v1.5 you will find that in fact the
> MSB is a 0 and the next byte is a 1 for signatures, a 2 for encryption.
> Generally the MSB may not be a whole octet, depending on the size of
> the modulus, so they put a zero there.

This is true, as I said elsewhere - but the I-D does not refer to the
place where you are told this.

As an incidental cryptographic query - it seems to me that merely not
having the top bit set should be sufficient to ensure that the MSB is
not too large, so it isn't clear to me (given that the first byte is 1)
why an extra byte of padding is deemed necessary. Did I miss something?

Cheers,

Ben.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V7sbNY068980; Tue, 31 May 2005 00:54:37 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4V7sbeI068979; Tue, 31 May 2005 00:54:37 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V7sZEP068962 for <ietf-openpgp@imc.org>; Tue, 31 May 2005 00:54:36 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 3C8E133C2E; Tue, 31 May 2005 08:54:15 +0100 (BST)
Message-ID: <429C181B.2050003@algroup.co.uk>
Date: Tue, 31 May 2005 08:54:03 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Konrad Rosenbaum <konrad@silmor.de>
Cc: ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz> <429B24FE.4030607@algroup.co.uk> <200505302025.59879@zaphod.konrad.silmor.de>
In-Reply-To: <200505302025.59879@zaphod.konrad.silmor.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Konrad Rosenbaum wrote:
> On Monday 30 May 2005 16:36, Ben Laurie wrote:
> 
>>However, I'm still left with a question, since 2437 only specifies RSA
>>signatures. What lengths should be used with DSA and Elgamal?
> 
> 
> That's trivial: with DSA there is no such thing as an encoding length, since 
> the Hash is used directly and has to be of the correct length (with 1024 
> bit DSA you SHOULD use SHA-1, which is 160 bit wide, which (ohh wonder!) 
> matches the requirement of DSA).
> 
> Elgamal is also trivial: don't use it for signatures. It's insecure. (Or 
> rather: it is so hard to make it secure that it is not worth it.)

As I have previously stated, my keyring contains Elgamal signatures. I'm
sure I'm not alone in this. I want to be able to check them. I think it's
fine to deprecate them, but refusing to describe them is just annoying.

Cheers,

Ben.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V7mu76067076; Tue, 31 May 2005 00:48:56 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4V7mub8067075; Tue, 31 May 2005 00:48:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4V7msHj067056 for <ietf-openpgp@imc.org>; Tue, 31 May 2005 00:48:55 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id A93C233C33; Tue, 31 May 2005 08:48:52 +0100 (BST)
Message-ID: <429C16DF.9060908@algroup.co.uk>
Date: Tue, 31 May 2005 08:48:47 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: ietf-openpgp@imc.org, konrad@silmor.de
Subject: Re: Stupid hash question?
References: <E1Dcmec-0002ja-00@medusa01.cs.auckland.ac.nz>
In-Reply-To: <E1Dcmec-0002ja-00@medusa01.cs.auckland.ac.nz>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Peter Gutmann wrote:
> Ben Laurie <ben@algroup.co.uk> writes:
> 
>>Peter Gutmann wrote:
>>
>>>You don't count the FF's, you just continue along them until you find a non-
>>>FF.
>>
>>This is incorrect.
> 
> 
> Since the data payload (i.e. the ASN.1 wrapper and hash) is variable-length
> and not known in advance, how are you expecting to know in advance how many
> FF's are present without walking along them until you find a non-FF?  ESP?
> Magic?

It is known in advance.

Cheers,

Ben.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UIQO7A052375; Mon, 30 May 2005 11:26:24 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4UIQOLR052374; Mon, 30 May 2005 11:26:24 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UIQNBi052361 for <ietf-openpgp@imc.org>; Mon, 30 May 2005 11:26:23 -0700 (PDT) (envelope-from konrad@silmor.de)
Received: from p54b3fa98.dip.t-dialin.net ([84.179.250.152] helo=zaphod.local) by p15139323.pureserver.info with asmtp (Exim 3.35 #1 (Debian)) id 1Dcoxi-0001wv-00; Mon, 30 May 2005 20:26:06 +0200
From: Konrad Rosenbaum <konrad@silmor.de>
To: Ben Laurie <ben@algroup.co.uk>, ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
Date: Mon, 30 May 2005 20:25:55 +0200
User-Agent: KMail/1.8
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz> <429B24FE.4030607@algroup.co.uk>
In-Reply-To: <429B24FE.4030607@algroup.co.uk>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1252236.2FXAaGreal"; protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200505302025.59879@zaphod.konrad.silmor.de>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

--nextPart1252236.2FXAaGreal
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Monday 30 May 2005 16:36, Ben Laurie wrote:
> However, I'm still left with a question, since 2437 only specifies RSA
> signatures. What lengths should be used with DSA and Elgamal?

That's trivial: with DSA there is no such thing as an encoding length, since
the Hash is used directly and has to be of the correct length (with 1024
bit DSA you SHOULD use SHA-1, which is 160 bit wide, which (ohh wonder!)
matches the requirement of DSA).

Elgamal is also trivial: don't use it for signatures. It's insecure. (Or
rather: it is so hard to make it secure that it is not worth it.)



	Konrad

--nextPart1252236.2FXAaGreal
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBCm1q3Clt766LaIH0RAj89AKCN18Y5aoDZBHItJS6JbyQbLcCicACfSi5R
PeGoIVqpmYmmHZMAyp5mmWg=
=1hkf
-----END PGP SIGNATURE-----

--nextPart1252236.2FXAaGreal--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UHFjbE047392; Mon, 30 May 2005 10:15:45 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4UHFjS0047391; Mon, 30 May 2005 10:15:45 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UHFikW047382 for <ietf-openpgp@imc.org>; Mon, 30 May 2005 10:15:44 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id B9B0557E8C; Mon, 30 May 2005 09:25:51 -0700 (PDT)
To: ben@algroup.co.uk, ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
Message-Id: <20050530162551.B9B0557E8C@finney.org>
Date: Mon, 30 May 2005 09:25:51 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Ben Laurie writes:
> I've been working on signatures recently, and I'm puzzled. As I
> understand it, the form of a decrypted signature is:
>
> 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>
> However, every signature I look at decrypts to:
>
> 00 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>
> Before I hurt my head trying to figure out why, I wonder if there's
> something obvious I missed?


Actually if you look at PKCS-1 v1.5 you will find that in fact the
MSB is a 0 and the next byte is a 1 for signatures, a 2 for encryption.
Generally the MSB may not be a whole octet, depending on the size of
the modulus, so they put a zero there.

Hal Finney



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UFwB51042714; Mon, 30 May 2005 08:58:11 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4UFwBNT042713; Mon, 30 May 2005 08:58:11 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtpc.itss.auckland.ac.nz (harpo.itss.auckland.ac.nz [130.216.190.13]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UFw9BZ042704 for <ietf-openpgp@imc.org>; Mon, 30 May 2005 08:58:09 -0700 (PDT) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtpc.itss.auckland.ac.nz (Postfix) with ESMTP id 188EC34D69; Tue, 31 May 2005 03:58:08 +1200 (NZST)
Received: from smtpc.itss.auckland.ac.nz ([127.0.0.1]) by localhost (smtpc.itss.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16409-20; Tue, 31 May 2005 03:58:08 +1200 (NZST)
Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by smtpc.itss.auckland.ac.nz (Postfix) with ESMTP id F1C6134BB7; Tue, 31 May 2005 03:58:07 +1200 (NZST)
Received: from medusa01.cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id 9FB9237749; Tue, 31 May 2005 03:58:07 +1200 (NZST)
Received: from pgut001 by medusa01.cs.auckland.ac.nz with local (Exim 3.36 #1 (Debian)) id 1Dcmec-0002ja-00; Tue, 31 May 2005 03:58:14 +1200
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ben@algroup.co.uk, pgut001@cs.auckland.ac.nz
Subject: Re: Stupid hash question?
Cc: ietf-openpgp@imc.org, konrad@silmor.de
In-Reply-To: <429B24FE.4030607@algroup.co.uk>
Message-Id: <E1Dcmec-0002ja-00@medusa01.cs.auckland.ac.nz>
Date: Tue, 31 May 2005 03:58:14 +1200
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Ben Laurie <ben@algroup.co.uk> writes:
>Peter Gutmann wrote:
>>You don't count the FF's, you just continue along them until you find a non-
>>FF.
>
>This is incorrect.

Since the data payload (i.e. the ASN.1 wrapper and hash) is variable-length
and not known in advance, how are you expecting to know in advance how many
FF's are present without walking along them until you find a non-FF?  ESP?
Magic?

Peter.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UEatoT037853; Mon, 30 May 2005 07:36:55 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4UEat8Q037852; Mon, 30 May 2005 07:36:55 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UEapba037843 for <ietf-openpgp@imc.org>; Mon, 30 May 2005 07:36:52 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 3407A33C2E; Mon, 30 May 2005 15:36:51 +0100 (BST)
Message-ID: <429B24FE.4030607@algroup.co.uk>
Date: Mon, 30 May 2005 15:36:46 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: konrad@silmor.de, ietf-openpgp@imc.org
Subject: Re: Stupid hash question?
References: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>
In-Reply-To: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Peter Gutmann wrote:
> Ben Laurie <ben@algroup.co.uk> writes:
> 
> 
>>I have one less FF than I (think) I should have.
> 
> 
> You don't count the FF's, you just continue along them until you find a non-
> FF.

This is incorrect.

However, further research answers my own question and reveals a bug in
d-i-o-r-13. RFC 2437 specifies RSA signing in section 8.1.1 - and this
uses (for some reason, any idea why?) an EMSA-PKCS1-V1_5 encoding of
length k-1 (where k is the keylength in octets). I presume that OpenPGP
uses this algorithm. The I-D does not specify the length of the
encoding, which is a bug: it should either specify it is of length k-1
or refer to RFC 2437 8.1.1.

However, I'm still left with a question, since 2437 only specifies RSA
signatures. What lengths should be used with DSA and Elgamal?

Of course, since these will have to be specified, it would make more
sense to specify the length in the I-D than to refer to 2437 for it.

Cheers,

Ben.
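
The encoding-length question in this thread, worked through as an added example (not code from any poster, from GnuPG or from the I-D). It builds the RFC 2437 EMSA-PKCS1-v1_5 block of length k-1 and shows that the number of FF octets is fixed by k and the hash, so a verifier can rebuild the whole block and compare it; the 128-octet modulus size, the message and the integer standing in for s^e mod n are constructed.

```python
import hashlib
import hmac

# DER DigestInfo prefixes (the "<ASN.1 nonsense>"); the raw hash value follows.
DIGESTINFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def emsa_pkcs1_v15(message, hash_name, em_len):
    """RFC 2437 9.2.1: EM = 01 || PS || 00 || T, exactly em_len octets long."""
    t = DIGESTINFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    ps_len = em_len - len(t) - 2  # what is left after the 01, the 00 and T
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x01" + b"\xff" * ps_len + b"\x00" + t


def count_ff(block):
    """Walk the block: skip leading zeros, expect 01, count FF octets."""
    i = 0
    while i < len(block) and block[i] == 0x00:
        i += 1
    if i == len(block) or block[i] != 0x01:
        raise ValueError("block type 01 not found")
    start = i + 1
    i = start
    while i < len(block) and block[i] == 0xFF:
        i += 1
    return i - start


def block_matches(m, k, message, hash_name):
    """Compare the recovered integer with the one block that is valid.

    m is the integer s^e mod n and k the modulus length in octets.
    Writing m as k octets restores the leading 00 that an integer
    cannot carry, so the expected value is 00 || EM with len(EM) = k-1.
    """
    try:
        block = m.to_bytes(k, "big")
    except OverflowError:  # m does not fit in k octets (or is negative)
        return False
    expected = b"\x00" + emsa_pkcs1_v15(message, hash_name, k - 1)
    return hmac.compare_digest(block, expected)


def demo():
    k = 128                                  # constructed: 1024-bit modulus
    message = b"constructed sample message"  # constructed input
    em = emsa_pkcs1_v15(message, "sha1", k - 1)
    m = int.from_bytes(em, "big")            # stands in for s^e mod n
    minimal = m.to_bytes((m.bit_length() + 7) // 8, "big")
    padded = m.to_bytes(k, "big")
    return {
        "minimal": minimal,      # 01 FF ... : k-1 octets, no leading zero
        "padded": padded,        # 00 01 FF ... : k octets
        "ff_walked": count_ff(padded),
        "ff_expected": k - len(em[em.index(b"\x00") + 1:]) - 3,
        "ok": block_matches(m, k, message, "sha1"),
    }


if __name__ == "__main__":
    result = demo()
    print(result["minimal"][:4].hex(), len(result["minimal"]))
    print(result["padded"][:4].hex(), len(result["padded"]))
    print(result["ff_walked"], result["ff_expected"], result["ok"])
```

Both byte forms quoted in the thread come out of the same integer: the minimal form has k-1 octets and starts with 01, the k-octet form starts with 00 01, and the FF count is the same in each.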



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UCOt19000350; Mon, 30 May 2005 05:24:55 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4UCOt31000349; Mon, 30 May 2005 05:24:55 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtpa.itss.auckland.ac.nz (groucho.itss.auckland.ac.nz [130.216.190.11]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UCOsBH000335 for <ietf-openpgp@imc.org>; Mon, 30 May 2005 05:24:55 -0700 (PDT) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from localhost (smtpa.itss.auckland.ac.nz [127.0.0.1]) by smtpa.itss.auckland.ac.nz (Postfix) with ESMTP id CA53335112; Tue, 31 May 2005 00:24:53 +1200 (NZST)
Received: from smtpa.itss.auckland.ac.nz ([127.0.0.1]) by localhost (smtpa.itss.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 23677-16; Tue, 31 May 2005 00:24:53 +1200 (NZST)
Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by smtpa.itss.auckland.ac.nz (Postfix) with ESMTP id 45453340A1; Tue, 31 May 2005 00:24:52 +1200 (NZST)
Received: from medusa01.cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id 5E53837749; Tue, 31 May 2005 00:24:52 +1200 (NZST)
Received: from pgut001 by medusa01.cs.auckland.ac.nz with local (Exim 3.36 #1 (Debian)) id 1DcjKD-0002e2-00; Tue, 31 May 2005 00:24:57 +1200
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ben@algroup.co.uk, konrad@silmor.de
Subject: Re: Stupid hash question?
Cc: ietf-openpgp@imc.org
In-Reply-To: <429B03B3.1000904@algroup.co.uk>
Message-Id: <E1DcjKD-0002e2-00@medusa01.cs.auckland.ac.nz>
Date: Tue, 31 May 2005 00:24:57 +1200
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Ben Laurie <ben@algroup.co.uk> writes:

>I have one less FF than I (think) I should have.

You don't count the FF's, you just continue along them until you find a non-
FF.

Peter.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UCEo7M096508; Mon, 30 May 2005 05:14:50 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4UCEowH096507; Mon, 30 May 2005 05:14:50 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UCEmNx096489 for <ietf-openpgp@imc.org>; Mon, 30 May 2005 05:14:49 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 2061533C33; Mon, 30 May 2005 13:14:48 +0100 (BST)
Message-ID: <429B03B3.1000904@algroup.co.uk>
Date: Mon, 30 May 2005 13:14:43 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Konrad Rosenbaum <konrad@silmor.de>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Stupid hash question?
References: <429ADAA4.4090803@algroup.co.uk> <39133.62.154.250.43.1117447828.squirrel@silmor.de>
In-Reply-To: <39133.62.154.250.43.1117447828.squirrel@silmor.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Konrad Rosenbaum wrote:
> Ben Laurie said:
> 
>>I've been working on signatures recently, and I'm puzzled. As I
>>understand it, the form of a decrypted signature is:
>>
>>01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>>
>>However, every signature I look at decrypts to:
>>
>>00 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>>
>>Before I hurt my head trying to figure out why, I wonder if there's
>>something obvious I missed?
> 
> 
> Hi Ben,
> 
> leading zeros can be left out while it is still a large integer. Eg. for
> RSA signatures it is pretty normal that the signature is a) one byte
> smaller than the RSA-n or b) contains a leading zero. This pretty much
> depends on your implementation of large integers. Or to give you an
> example in C:
> 
> It does not matter whether you assign
> int a=0x01;
> or:
> int a=0x000001;
> or.... whatever, it is still a "1".

I realise that, but if I do that, then I have one less FF than I (think)
I should have.

Cheers,

Ben.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UBPv61080747; Mon, 30 May 2005 04:25:57 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4UBPvQd080746; Mon, 30 May 2005 04:25:57 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from hotmail.com (bay18-f15.bay18.hotmail.com [65.54.187.65]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UBPu4o080712 for <ietf-openpgp@imc.org>; Mon, 30 May 2005 04:25:56 -0700 (PDT) (envelope-from spider-41@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 30 May 2005 04:25:51 -0700
Message-ID: <BAY18-F156F3D25FFC170B3F2E8B3FE030@phx.gbl>
Received: from 193.210.155.190 by by18fd.bay18.hotmail.msn.com with HTTP; Mon, 30 May 2005 11:25:50 GMT
X-Originating-IP: [193.210.155.190]
X-Originating-Email: [spider-41@hotmail.com]
X-Sender: spider-41@hotmail.com
In-Reply-To: <20050526153429.2EE6957E8C@finney.org>
From: =?iso-8859-1?B?S2ltbW8gTeRrZWzkaW5lbg==?= <spider-41@hotmail.com>
To: hal@finney.org, ietf-openpgp@imc.org
Subject: Re: Problems with calculating signatures over keys
Date: Mon, 30 May 2005 14:25:50 +0300
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
X-OriginalArrivalTime: 30 May 2005 11:25:51.0521 (UTC) FILETIME=[55E70910:01C5650A]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Thanks for the clarification, but I still can't get the right results. I 
tried to calculate like this:

SHA1(0x99 (public key tag)+ 0x01 + 0xA2 (key length) + Key packet (418 
bytes) + 0xB4 (user id tag) + 0x00 + 0x00 + 0x00 + 0x28 (user id length) + 
User Id packet (40 bytes) + 0x04 + 0x13 + 0x11 + 0x02 + 0x00 + 0x1E + 0x05 + 
0x02 + 0x42 + 0x95 + 0x6E + 0xD1 + 0x02 + 0x1B + 0x03 + 0x06 + 0x0B + 0x09 + 
0x08 + 0x07 + 0x03 + 0x02 + 0x03 + 0x15 + 0x02 + 0x03 + 0x03 + 0x16 + 0x02 + 
0x01 + 0x02 + 0x1E + 0x01 + 0x02 + 0x17 + 0x80 + Trailer: 0x04 + 0xFF + 0x24 
(big endian length of hashed data from the sign. packet) + 0x00 + 0x00 + 
0x00)

The result I got was 0xfcfc4c8598c9349959eb5cb23321add6b92f2137, so the left 
bytes are 0xFC and 0xFC, but in the key the values are 0xE8 and 0xA4.

Kimmo
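
The hash input for a V4 certification, assembled the way section 5.2.4 and Hal Finney's quoted explanation describe it, as an added example that is not part of the original post. The signature octets are the ones listed in the post; the 418-octet key body and the 40-octet user ID are constructed placeholders, so the digest here will not match any real key.

```python
import hashlib
import struct


def parse_old_packet(packet):
    """Split an old-format packet into (tag, body).

    The length in the packet may take 1, 2 or 4 octets; the hash input
    below re-encodes it at a fixed width regardless.
    """
    hdr = packet[0]
    if hdr & 0xC0 != 0x80:
        raise ValueError("not an old-format packet header")
    tag = (hdr >> 2) & 0x0F
    len_octets = {0: 1, 1: 2, 2: 4}.get(hdr & 0x03)
    if len_octets is None:
        raise ValueError("indeterminate length is not handled here")
    length = int.from_bytes(packet[1:1 + len_octets], "big")
    body = packet[1 + len_octets:1 + len_octets + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body


def certification_hash_input(key_packet, uid_packet, sig_hashed):
    """Return the exact octets fed to the hash for a V4 certification.

    sig_hashed is the signature packet from its version octet through
    the end of the hashed subpacket data.
    """
    key_tag, key_body = parse_old_packet(key_packet)
    uid_tag, uid = parse_old_packet(uid_packet)
    if key_tag != 6 or uid_tag != 13:
        raise ValueError("expected a public key packet and a user ID packet")
    if sig_hashed[0] != 0x04:
        raise ValueError("not a V4 signature")
    (sub_len,) = struct.unpack(">H", sig_hashed[4:6])
    if len(sig_hashed) != 6 + sub_len:
        raise ValueError("hashed subpacket length does not match")
    return (
        b"\x99" + struct.pack(">H", len(key_body)) + key_body  # 2-octet length
        + b"\xb4" + struct.pack(">I", len(uid)) + uid          # always 4 octets
        + sig_hashed
        # Trailer: the length counts sig_hashed only, and is big-endian.
        + b"\x04\xff" + struct.pack(">I", len(sig_hashed))
    )


def left16(data):
    """First two octets of the SHA-1 digest (the 'left 16 bits' field)."""
    return hashlib.sha1(data).digest()[:2]


# Constructed placeholders with the sizes given in the post.
KEY_BODY = b"\x04" + bytes(417)
USER_ID = b"Sample User ID <constructed@example.org>"
KEY_PACKET = b"\x99" + struct.pack(">H", len(KEY_BODY)) + KEY_BODY
UID_PACKET = b"\xb4" + bytes([len(USER_ID)]) + USER_ID  # 1-octet length on the wire

# Signature octets as listed in the post: version through hashed subpackets.
SIG_HASHED = bytes.fromhex(
    "0413110200" "1e"
    "050242956ed1" "021b03" "060b0908070302"
    "03150203" "03160201" "021e01" "021780"
)

if __name__ == "__main__":
    data = certification_hash_input(KEY_PACKET, UID_PACKET, SIG_HASHED)
    print(len(data), data[-6:].hex(), left16(data).hex())
```

With these inputs the hashed signature data is 36 octets, so the trailer is 04 FF 00 00 00 24, and the one-octet user ID length from the packet is widened to 00 00 00 28 in the hash input.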

>From: hal@finney.org ("Hal Finney")
>To: ietf-openpgp@imc.org, spider-41@hotmail.com
>Subject: Re: Problems with calculating signatures over keys
>Date: Thu, 26 May 2005 08:34:29 -0700 (PDT)
>
>Kimmo Mäkeläinen writes:
> > First, how many octets there should be in the user id packet to define the
> >
> > It is said in the 5.2.4 that
> > "A V4 certification hashes the constant 0xb4 (which is an
> >    old-style packet header with the length-of-length set to zero), a
> >    four-octet number giving the length of the username, and then the
> >    username data."
> >
> > However, in the key generated by GnuPG the length is given with only one
> > octet. I have used the PGPdump interface (http://www.pgpdump.net) to
> > visualize the key data, and the interface shows the data correctly,
> > including the user id packet.
>
>The number of octets that is hashed is different from the number that
>is used in the packet.  For a V4 signature, always 4 octets of length
>are hashed.  The number used in the packet may be 1, 2 or 4 octets.
>You need to pad the octets from the packet with leading 0's to get 4
>octets for hash purposes, if fewer are used there.
>
> > In 5.2.4 is also said that
> >
> > "V4 signatures also hash in a final trailer of six octets: the version
> >    of the signature packet, i.e. 0x04; 0xFF; a four-octet, big-endian
> >    number that is the length of the hashed data from the signature
> >    packet (note that this number does not include these final six
> >    octets."
> >
> > I haven't found an unambiguous explanation for the length bytes. Is it the
> > length of the whole data being hashed (from the public key packet through
> > the end of the hashed subpacket data of signature packet) or just from the
> > version number of the signature packet through the end of hashed subpacket
> > data?
>
>It is the latter, it is the number of bytes hashed from the signature
>packet starting from the version number and going through the end of
>the hashed subpacket data.
>
>You are not the first person to have trouble getting it to work.
>Unfortunately it is the nature of cryptographic hashes that making even
>the slightest error produces a completely wrong result, with no hint
>about how close you are.
>
>We might want to consider some "test vectors" in the RFC which work
>through the process of verifying a signature.  We'd show the key and
>associated packets, and then show the exact sequence of bytes which
>gets hashed.  I think that would be a big help to implementors.
>
>Unfortunately once we open the door to including such an example,
>there are a lot of other things we might need to show.  The public key
>signature operations themselves, signatures on text and binary messages,
>encryption and decryption, encrypt+sign, etc.  We could almost use a
>separate RFC just with examples as an aid to implementors.
>
>Hal Finney
>




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UBPUgX080592; Mon, 30 May 2005 04:25:30 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4UBPUlk080591; Mon, 30 May 2005 04:25:30 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from hotmail.com (bay18-f7.bay18.hotmail.com [65.54.187.57]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UBPRMQ080543 for <ietf-openpgp@imc.org>; Mon, 30 May 2005 04:25:27 -0700 (PDT) (envelope-from spider-41@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 30 May 2005 04:25:22 -0700
Message-ID: <BAY18-F7360E285AF66B4DD46EE2FE030@phx.gbl>
Received: from 193.210.155.190 by by18fd.bay18.hotmail.msn.com with HTTP; Mon, 30 May 2005 11:25:21 GMT
X-Originating-IP: [193.210.155.190]
X-Originating-Email: [spider-41@hotmail.com]
X-Sender: spider-41@hotmail.com
In-Reply-To: <20050526153429.2EE6957E8C@finney.org>
From: =?iso-8859-1?B?S2ltbW8gTeRrZWzkaW5lbg==?= <spider-41@hotmail.com>
To: hal@finney.org, ietf-openpgp@imc.org
Subject: Re: Problems with calculating signatures over keys
Date: Mon, 30 May 2005 14:25:21 +0300
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
X-OriginalArrivalTime: 30 May 2005 11:25:22.0295 (UTC) FILETIME=[447B8070:01C5650A]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Thanks for the clarification, but I still can't get the right results. I 
tried to calculate like this:

SHA1(0x99 (public key tag)+ 0x01 + 0xA2 (key length) + Key packet (418 
bytes) + 0xB4 (user id tag) + 0x00 + 0x00 + 0x00 + 0x28 (user id length) + 
User Id packet (40 bytes) + 0x04 + 0x13 + 0x11 + 0x02 + 0x00 + 0x1E + 0x05 + 
0x02 + 0x42 + 0x95 + 0x6E + 0xD1 + 0x02 + 0x1B + 0x03 + 0x06 + 0x0B + 0x09 + 
0x08 + 0x07 + 0x03 + 0x02 + 0x03 + 0x15 + 0x02 + 0x03 + 0x03 + 0x16 + 0x02 + 
0x01 + 0x02 + 0x1E + 0x01 + 0x02 + 0x17 + 0x80 + Trailer: 0x04 + 0xFF + 0x24 
(big endian length of hashed data from the sign. packet) + 0x00 + 0x00 + 
0x00)

The result I got was 0xfcfc4c8598c9349959eb5cb23321add6b92f2137, so the left 
bytes are 0xFC and 0xFC, but in the key the values are 0xE8 and 0xA4.

Kimmo

>From: hal@finney.org ("Hal Finney")
>To: ietf-openpgp@imc.org, spider-41@hotmail.com
>Subject: Re: Problems with calculating signatures over keys
>Date: Thu, 26 May 2005 08:34:29 -0700 (PDT)
>
>Kimmo Mäkeläinen writes:
> > First, how many octets there should be in the user id packet to define the
> > length of the username?
> >
> > It is said in the 5.2.4 that
> > "A V4 certification hashes the constant 0xb4 (which is an
> >    old-style packet header with the length-of-length set to zero), a
> >    four-octet number giving the length of the username, and then the
> >    username data."
> >
> > However, in the key generated by GnuPG the length is given with only one
> > octet. I have used the PGPdump interface (http://www.pgpdump.net) to
> > visualize the key data, and the interface shows the data correctly,
> > including the user id packet.
>
>The number of octets that is hashed is different from the number that
>is used in the packet.  For a V4 signature, always 4 octets of length
>are hashed.  The number used in the packet may be 1, 2 or 4 octets.
>You need to pad the octets from the packet with leading 0's to get 4
>octets for hash purposes, if fewer are used there.
>
> > In 5.2.4 is also said that
> >
> > "V4 signatures also hash in a final trailer of six octets: the version
> >    of the signature packet, i.e. 0x04; 0xFF; a four-octet, big-endian
> >    number that is the length of the hashed data from the signature
> >    packet (note that this number does not include these final six
> >    octets."
> >
> > I haven't found an unambiguous explanation for the length bytes. Is it the
> > length of the whole data being hashed (from the public key packet through
> > the end of the hashed subpacket data of signature packet) or just from the
> > version number of the signature packet through the end of hashed subpacket
> > data?
>
>It is the latter, it is the number of bytes hashed from the signature
>packet starting from the version number and going through the end of
>the hashed subpacket data.
>
>You are not the first person to have trouble getting it to work.
>Unfortunately it is the nature of cryptographic hashes that making even
>the slightest error produces a completely wrong result, with no hint
>about how close you are.
>
>We might want to consider some "test vectors" in the RFC which work
>through the process of verifying a signature.  We'd show the key and
>associated packets, and then show the exact sequence of bytes which
>gets hashed.  I think that would be a big help to implementors.
>
>Unfortunately once we open the door to including such an example,
>there are a lot of other things we might need to show.  The public key
>signature operations themselves, signatures on text and binary messages,
>encryption and decryption, encrypt+sign, etc.  We could almost use a
>separate RFC just with examples as an aid to implementors.
>
>Hal Finney
>




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UAAk2d054375; Mon, 30 May 2005 03:10:46 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4UAAkJB054374; Mon, 30 May 2005 03:10:46 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4UAAjQN054325 for <ietf-openpgp@imc.org>; Mon, 30 May 2005 03:10:45 -0700 (PDT) (envelope-from konrad@silmor.de)
Received: from localhost ([127.0.0.1] helo=silmor.de ident=www-data) by p15139323.pureserver.info with esmtp (Exim 3.35 #1 (Debian)) id 1DchE4-0000tD-00; Mon, 30 May 2005 12:10:28 +0200
Received: from 62.154.250.43 (SquirrelMail authenticated user konrad) by silmor.de with HTTP; Mon, 30 May 2005 12:10:28 +0200 (CEST)
Message-ID: <39133.62.154.250.43.1117447828.squirrel@silmor.de>
In-Reply-To: <429ADAA4.4090803@algroup.co.uk>
References: <429ADAA4.4090803@algroup.co.uk>
Date: Mon, 30 May 2005 12:10:28 +0200 (CEST)
Subject: Re: Stupid hash question?
From: "Konrad Rosenbaum" <konrad@silmor.de>
To: "Ben Laurie" <ben@algroup.co.uk>
Cc: "OpenPGP" <ietf-openpgp@imc.org>
User-Agent: SquirrelMail/1.4.4
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Ben Laurie said:
>
> I've been working on signatures recently, and I'm puzzled. As I
> understand it, the form of a decrypted signature is:
>
> 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>
> However, every signature I look at decrypts to:
>
> 00 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
>
> Before I hurt my head trying to figure out why, I wonder if there's
> something obvious I missed?

Hi Ben,

leading zeros can be left out while it is still a large integer. Eg. for
RSA signatures it is pretty normal that the signature is a) one byte
smaller than the RSA-n or b) contains a leading zero. This pretty much
depends on your implementation of large integers. Or to give you an
example in C:

It does not matter whether you assign
int a=0x01;
or:
int a=0x000001;
or.... whatever, it is still a "1".

Really, leave the leading zero out. Even the former east-block states got
rid of their leading zeros - it works pretty well... ;-)


    Konrad
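
The leading-zero question in this exchange, as an added example that is not part of the original thread: the decrypted signature is an integer, so its minimal octet form starts at 01, and converting it back to the modulus length restores the 00. The check below assumes PKCS#1 v1.5 encoding with SHA-1 and a constructed 128-octet modulus length; all names are hypothetical.

```python
import hashlib

# DER prefix of the SHA-1 DigestInfo (the "ASN.1 nonsense" in the thread).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

K = 128                          # constructed: modulus length in octets
MESSAGE = b"constructed message" # constructed sample input


def emsa_pkcs1_v15_sha1(message: bytes, k: int) -> bytes:
    """Build 00 01 FF..FF 00 DigestInfo hash, exactly k octets long."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this encoding")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def minimal_octets(m: int) -> bytes:
    """Octets of m with no leading zeros, as a big-integer library prints it."""
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def check_decrypted_signature(m: int, k: int, message: bytes) -> bool:
    """Compare the decrypted integer with the expected encoding.

    The integer is first converted to exactly k octets, which restores the
    leading 00, and then the whole block is compared at once rather than
    scanning for the hash at the end.
    """
    try:
        em = m.to_bytes(k, "big")
    except OverflowError:
        return False             # negative, or does not fit in k octets
    return em == emsa_pkcs1_v15_sha1(message, k)


if __name__ == "__main__":
    em = emsa_pkcs1_v15_sha1(MESSAGE, K)
    m = int.from_bytes(em, "big")
    print("fixed length :", em[:4].hex(), "...", len(em), "octets")
    print("minimal form :", minimal_octets(m)[:4].hex(), "...",
          len(minimal_octets(m)), "octets")
    print("verifies     :", check_decrypted_signature(m, K, MESSAGE))
```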



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4U9Jc88018158; Mon, 30 May 2005 02:19:38 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4U9Jc1g018157; Mon, 30 May 2005 02:19:38 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4U9JbNw018142 for <ietf-openpgp@imc.org>; Mon, 30 May 2005 02:19:37 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [IPv6???1] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id C628833C3F for <ietf-openpgp@imc.org>; Mon, 30 May 2005 10:19:36 +0100 (BST)
Message-ID: <429ADAA4.4090803@algroup.co.uk>
Date: Mon, 30 May 2005 10:19:32 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Stupid hash question?
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I've been working on signatures recently, and I'm puzzled. As I
understand it, the form of a decrypted signature is:

01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>

However, every signature I look at decrypts to:

00 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>

Before I hurt my head trying to figure out why, I wonder if there's
something obvious I missed?

Cheers,

Ben.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4SKkbZm082555; Sat, 28 May 2005 13:46:37 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4SKkbOx082554; Sat, 28 May 2005 13:46:37 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4SKkZur082544 for <ietf-openpgp@imc.org>; Sat, 28 May 2005 13:46:36 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id E92BE33C2E; Sat, 28 May 2005 21:46:32 +0100 (BST)
Message-ID: <4298D923.1040803@algroup.co.uk>
Date: Sat, 28 May 2005 21:48:35 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Shaw <dshaw@jabberwocky.com>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Elgamal Signatures?
References: <429460FD.4090807@algroup.co.uk> <20050527203101.GA27418@jabberwocky.com>
In-Reply-To: <20050527203101.GA27418@jabberwocky.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

David Shaw wrote:
> On Wed, May 25, 2005 at 12:26:53PM +0100, Ben Laurie wrote:
> 
>>I realise they're deprecated, but I still need to know the format. Where
>>can I find it? Should it be in the RFC?
>>
>>The problem being, of course, that things exist out there that use them.
> 
> 
> I don't think it should be in the RFC.  The new RFC does not permit
> Elgamal signatures, so putting it in there serves little purpose.
> 2440 will continue to exist once the new RFC is out, so anyone looking
> for 2440-specific formats can look there.

They aren't in 2440 either. Or I missed something.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4SEp7vg087712; Sat, 28 May 2005 07:51:07 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4SEp7Vr087711; Sat, 28 May 2005 07:51:07 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4SEp58q087703 for <ietf-openpgp@imc.org>; Sat, 28 May 2005 07:51:06 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Sat, 28 May 2005 07:51:04 -0700
Received: from [172.16.1.3] ([194.72.144.117]) by keys.merrymeet.com (PGP Universal service); Sat, 28 May 2005 07:51:04 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Sat, 28 May 2005 07:51:04 -0700
In-Reply-To: <sjmu0kqq68x.fsf@cliodev.pgp.com>
References: <20050526153429.2EE6957E8C@finney.org> <sjmu0kqq68x.fsf@cliodev.pgp.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <77481f3168d671664599035a9a2e1d1a@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org, hal@finney.org ("Hal Finney"), spider-41@hotmail.com
From: Jon Callas <jon@callas.org>
Subject: Re: Problems with calculating signatures over keys
Date: Sat, 28 May 2005 07:51:02 -0700
To: Derek Atkins <derek@ihtfp.com>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

> I also agree that a separate "Test Vectors" draft would be the right
> place to put it.  It could even be an informational draft instead of a
> standards-track draft, but it could still be called something like:
>    draft-ietf-openpgp-test-vectors
>
>> Hal Finney
>
> Are there any objections from the WG to doing this?  As chair I think
> it's a good idea and would welcome a test vectors draft.
>

I'd go so far as to say it should be an implementation hints draft. It 
could include things like Elgamal signatures, as well, and other things 
that don't belong in the standards RFCs.

	Jon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4RKVFus043437; Fri, 27 May 2005 13:31:15 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4RKVFx1043436; Fri, 27 May 2005 13:31:15 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4RKVEP0043430 for <ietf-openpgp@imc.org>; Fri, 27 May 2005 13:31:15 -0700 (PDT) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70]) by comcast.net (sccrmhc12) with ESMTP id <20050527203108012001376he>; Fri, 27 May 2005 20:31:08 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j4RKVGo5017753 for <ietf-openpgp@imc.org>; Fri, 27 May 2005 16:31:16 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j4RKV2Bk027632 for <ietf-openpgp@imc.org>; Fri, 27 May 2005 16:31:06 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j4RKV12v027631 for ietf-openpgp@imc.org; Fri, 27 May 2005 16:31:01 -0400
Date: Fri, 27 May 2005 16:31:01 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Elgamal Signatures?
Message-ID: <20050527203101.GA27418@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <429460FD.4090807@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <429460FD.4090807@algroup.co.uk>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Wed, May 25, 2005 at 12:26:53PM +0100, Ben Laurie wrote:
> 
> I realise they're deprecated, but I still need to know the format. Where
> can I find it? Should it be in the RFC?
> 
> The problem being, of course, that things exist out there that use them.

I don't think it should be in the RFC.  The new RFC does not permit
Elgamal signatures, so putting it in there serves little purpose.
2440 will continue to exist once the new RFC is out, so anyone looking
for 2440-specific formats can look there.

David



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4QGsDkl036134; Thu, 26 May 2005 09:54:13 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4QGsD8F036133; Thu, 26 May 2005 09:54:13 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from cliodev.pgp.com (me@CLIODEV.IHTFP.ORG [204.107.200.20]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4QGsC92036120 for <ietf-openpgp@imc.org>; Thu, 26 May 2005 09:54:13 -0700 (PDT) (envelope-from warlord@MIT.EDU)
Received: from cliodev.pgp.com (cliodev.pgp.com [127.0.0.1]) by cliodev.pgp.com (8.13.1/8.13.1) with ESMTP id j4QGqpQc010501; Thu, 26 May 2005 12:52:51 -0400
Received: (from warlord@localhost) by cliodev.pgp.com (8.13.1/8.13.1/Submit) id j4QGqko1010497; Thu, 26 May 2005 12:52:46 -0400
X-Authentication-Warning: cliodev.pgp.com: warlord set sender to warlord@MIT.EDU using -f
From: Derek Atkins <derek@ihtfp.com>
To: hal@finney.org ("Hal Finney")
Cc: ietf-openpgp@imc.org, spider-41@hotmail.com
Subject: Re: Problems with calculating signatures over keys
References: <20050526153429.2EE6957E8C@finney.org>
Date: Thu, 26 May 2005 12:52:46 -0400
In-Reply-To: <20050526153429.2EE6957E8C@finney.org> (Hal Finney's message of "Thu, 26 May 2005 08:34:29 -0700 (PDT)")
Message-ID: <sjmu0kqq68x.fsf@cliodev.pgp.com>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hal,

<chair hat>

hal@finney.org ("Hal Finney") writes:

> We might want to consider some "test vectors" in the RFC which work
> through the process of verifying a signature.  We'd show the key and
> associated packets, and then show the exact sequence of bytes which
> gets hashed.  I think that would be a big help to implementors.

I agree that this would be a boon to implementors.  Do you want to
volunteer to do this?  :)

> Unfortunately once we open the door to including such an example,
> there are a lot of other things we might need to show.  The public key
> signature operations themselves, signatures on text and binary messages,
> encryption and decryption, encrypt+sign, etc.  We could almost use a
> separate RFC just with examples as an aid to implementors.

I also agree that a separate "Test Vectors" draft would be the right
place to put it.  It could even be an informational draft instead of a
standards-track draft, but it could still be called something like:
   draft-ietf-openpgp-test-vectors

> Hal Finney

Are there any objections from the WG to doing this?  As chair I think
it's a good idea and would welcome a test vectors draft.

</chair hat>

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4QGOhTO032190; Thu, 26 May 2005 09:24:43 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4QGOhPg032189; Thu, 26 May 2005 09:24:43 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4QGOe5t032122 for <ietf-openpgp@imc.org>; Thu, 26 May 2005 09:24:42 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 2EE6957E8C; Thu, 26 May 2005 08:34:29 -0700 (PDT)
To: ietf-openpgp@imc.org, spider-41@hotmail.com
Subject: Re: Problems with calculating signatures over keys
Message-Id: <20050526153429.2EE6957E8C@finney.org>
Date: Thu, 26 May 2005 08:34:29 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Kimmo Mäkeläinen writes:
> First, how many octets there should be in the user id packet to define the 
> length of the username?
>
> It is said in the 5.2.4 that
> "A V4 certification hashes the constant 0xb4 (which is an
>    old-style packet header with the length-of-length set to zero), a
>    four-octet number giving the length of the username, and then the
>    username data."
>
> However, in the key generated by GnuPG the length is given with only one 
> octet. I have used the PGPdump interface (http://www.pgpdump.net) to 
> visualize the key data, and the interface shows the data correctly, 
> including the user id packet.

The number of octets that is hashed is different from the number that
is used in the packet.  For a V4 signature, always 4 octets of length
are hashed.  The number used in the packet may be 1, 2 or 4 octets.
You need to pad the octets from the packet with leading 0's to get 4
octets for hash purposes, if fewer are used there.

> In 5.2.4 is also said that
>
> "V4 signatures also hash in a final trailer of six octets: the version
>    of the signature packet, i.e. 0x04; 0xFF; a four-octet, big-endian
>    number that is the length of the hashed data from the signature
>    packet (note that this number does not include these final six
>    octets."
>
> I haven't found an unambiguous explanation for the length bytes. Is it the 
> length of the whole data being hashed (from the public key packet through 
> the end of the hashed subpacket data of signature packet) or just from the 
> version number of the signature packet through the end of hashed subpacket 
> data?

It is the latter, it is the number of bytes hashed from the signature
packet starting from the version number and going through the end of
the hashed subpacket data.

You are not the first person to have trouble getting it to work.
Unfortunately it is the nature of cryptographic hashes that making even
the slightest error produces a completely wrong result, with no hint
about how close you are.

We might want to consider some "test vectors" in the RFC which work
through the process of verifying a signature.  We'd show the key and
associated packets, and then show the exact sequence of bytes which
gets hashed.  I think that would be a big help to implementors.

Unfortunately once we open the door to including such an example,
there are a lot of other things we might need to show.  The public key
signature operations themselves, signatures on text and binary messages,
encryption and decryption, encrypt+sign, etc.  We could almost use a
separate RFC just with examples as an aid to implementors.

Hal Finney
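
The hash input described in this message, as an added example that is not part of the original thread: it rebuilds the octet sequence for a V4 certification, padding the user ID length to four octets and appending the six-octet trailer. The signature octets are the ones listed in the 30 May follow-up; the key body, user ID and function names are constructed placeholders, so the digest is not the one for the poster's key. The follow-up lists the trailer length with 0x24 first, whereas a big-endian 36 is 00 00 00 24, and the example shows that the two orderings hash differently.

```python
import hashlib
import struct
from typing import Tuple

# Signature packet octets from the version number through the end of the
# hashed subpackets, as listed in the 30 May follow-up (36 octets).
SIG_HASHED = bytes.fromhex(
    "04 13 11 02 00 1e"      # version, sig type, pubkey alg, hash alg, length
    "05 02 42 95 6e d1"      # hashed subpackets (0x1e = 30 octets) follow
    "02 1b 03"
    "06 0b 09 08 07 03 02"
    "03 15 02 03"
    "03 16 02 01"
    "02 1e 01"
    "02 17 80"
)

# Constructed stand-ins: the real key material is not on this page.
KEY_BODY = b"\x04" + bytes(417)                          # 418 octets
USER_ID = b"Constructed User <users@example.invalid>"    # 40 octets
UID_PACKET = b"\xb4" + bytes([len(USER_ID)]) + USER_ID   # one-octet length
SIG_BODY = SIG_HASHED + b"\x00\x00" + b"\xaa\xbb"        # constructed tail


def old_format_body(packet: bytes) -> Tuple[int, bytes]:
    """Split an old-format packet into (tag, body); length is 1, 2 or 4 octets."""
    ctb = packet[0]
    if ctb & 0xC0 != 0x80:
        raise ValueError("not an old-format packet header")
    length_type = ctb & 0x03
    if length_type == 3:
        raise ValueError("indeterminate length is not handled here")
    n = 1 << length_type
    length = int.from_bytes(packet[1:1 + n], "big")
    body = packet[1 + n:1 + n + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return (ctb >> 2) & 0x0F, body


def hashed_portion(sig_body: bytes) -> bytes:
    """Return the signature body from the version through the hashed subpackets."""
    if sig_body[0] != 4:
        raise ValueError("only V4 signatures are handled here")
    n = int.from_bytes(sig_body[4:6], "big")
    if len(sig_body) < 6 + n:
        raise ValueError("truncated signature packet")
    return sig_body[:6 + n]


def v4_certification_hash_input(key_body: bytes, user_id: bytes,
                                sig_hashed: bytes) -> bytes:
    """Concatenate the octets that are hashed for a V4 user ID certification."""
    out = b"\x99" + struct.pack(">H", len(key_body)) + key_body
    # Always four length octets here, whatever the packet itself used.
    out += b"\xb4" + struct.pack(">I", len(user_id)) + user_id
    out += sig_hashed
    # Trailer: length of the signature part only, big-endian, trailer excluded.
    out += b"\x04\xff" + struct.pack(">I", len(sig_hashed))
    return out


def left16(data: bytes) -> bytes:
    """First two octets of the SHA-1 digest, the quick-check value in the packet."""
    return hashlib.sha1(data).digest()[:2]


if __name__ == "__main__":
    tag, uid = old_format_body(UID_PACKET)
    data = v4_certification_hash_input(KEY_BODY, uid, hashed_portion(SIG_BODY))
    swapped = data[:-4] + b"\x24\x00\x00\x00"   # 0x24 placed first
    print("trailer            :", data[-6:].hex())
    print("left 16, big-endian:", left16(data).hex())
    print("left 16, 0x24 first:", left16(swapped).hex())
```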



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4Q7KnEG021456; Thu, 26 May 2005 00:20:49 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4Q7Knas021455; Thu, 26 May 2005 00:20:49 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from hotmail.com (bay18-f12.bay18.hotmail.com [65.54.187.62]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4Q7KnOf021443 for <ietf-openpgp@imc.org>; Thu, 26 May 2005 00:20:49 -0700 (PDT) (envelope-from spider-41@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 26 May 2005 00:20:44 -0700
Message-ID: <BAY18-F12D87379281577F0DCB9D8FE0F0@phx.gbl>
Received: from 193.210.155.190 by by18fd.bay18.hotmail.msn.com with HTTP; Thu, 26 May 2005 07:20:43 GMT
X-Originating-IP: [193.210.155.190]
X-Originating-Email: [spider-41@hotmail.com]
X-Sender: spider-41@hotmail.com
From: =?iso-8859-1?B?S2ltbW8gTeRrZWzkaW5lbg==?= <spider-41@hotmail.com>
To: ietf-openpgp@imc.org
Subject: Problems with calculating signatures over keys
Date: Thu, 26 May 2005 10:20:43 +0300
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_194f_56dd_6dda"
X-OriginalArrivalTime: 26 May 2005 07:20:44.0239 (UTC) FILETIME=[6E06E5F0:01C561C3]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This is a multi-part message in MIME format.

------=_NextPart_000_194f_56dd_6dda
Content-Type: text/plain; charset=iso-8859-1; format=flowed

I'm trying to compute the signature over the DSA key and I'm rather 
confused.

I have generated DSA and El Gamal keys with Gnu Privacy Guard software.

First, how many octets there should be in the user id packet to define the 
length of the username?

It is said in the 5.2.4 that
"A V4 certification hashes the constant 0xb4 (which is an
   old-style packet header with the length-of-length set to zero), a
   four-octet number giving the length of the username, and then the
   username data."

However, in the key generated by GnuPG the length is given with only one 
octet. I have used the PGPdump interface (http://www.pgpdump.net) to 
visualize the key data, and the interface shows the data correctly, 
including the user id packet.

Here is the key packet:

The "raw" data of the key is attached to this message.

My main problem is that I can't calculate the correct hash value. PGPdump 
shows that the two left bytes of the calculated hash value over the 
keypacket + user id packet + signature packet are 0xE8 and 0xA4.

In 5.2.4 is also said that

"V4 signatures also hash in a final trailer of six octets: the version
   of the signature packet, i.e. 0x04; 0xFF; a four-octet, big-endian
   number that is the length of the hashed data from the signature
   packet (note that this number does not include these final six
   octets."

I haven't found an unambiguous explanation for the length bytes. Is it the 
length of the whole data being hashed (from the public key packet through 
the end of the hashed subpacket data of signature packet) or just from the 
version number of the signature packet through the end of hashed subpacket 
data?

I have studied old messages from the mailing list. For example in 
http://www.imc.org/ietf-openpgp/mail-archive/msg02966.html the structure is 
explained like this:

(header data)
0x99
2 octet length
key packet body data

(user id data)
0xb4
4 octet length
username data

(signature trailer)

version field to end of hashable data



V4 signature trailer
0x04
0xFF
4 octet length

I think the structure is otherwise clear, but what should be done with the 
length of the user name? If I add three bytes to the key generated with the 
GnuPG, I still can't get the hash value to match with the two bytes GnuPG 
has calculated.

Best regards,
Kimmo Mäkeläinen


------=_NextPart_000_194f_56dd_6dda--



Message-ID: <429460FD.4090807@algroup.co.uk>
Date: Wed, 25 May 2005 12:26:53 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050405)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Elgamal Signatures?
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I realise they're deprecated, but I still need to know the format. Where
can I find it? Should it be in the RFC?

The problem being, of course, that things exist out there that use them.

Cheers,

Ben.



Date: Fri, 20 May 2005 20:18:00 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
Message-ID: <20050521001800.GA28168@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050511042836.91ACA57EE6@finney.org> <87psvymdtl.fsf@wheatstone.g10code.de> <20050511042836.91ACA57EE6@finney.org> <20050511143536.GA27860@jabberwocky.com> <7aa4a188ebe94c0c678f4f81c446ef7f@callas.org> <428CFA76.3010908@algroup.co.uk> <874qcy2wcw.fsf@wheatstone.g10code.de> <428DA39D.2050308@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <428DA39D.2050308@algroup.co.uk>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Fri, May 20, 2005 at 09:45:17AM +0100, Ben Laurie wrote:
> 
> Werner Koch wrote:
> >On Thu, 19 May 2005 21:43:34 +0100, Ben Laurie said:
> >
> >
> >>This whole discussion scares me. You have an extension mechanism with
> >>no registry for extensions.
> >
> >
> >We do have a way to register extensions ([5.2.3.16. Notation Data]):
> >
> >   The IETF name space is registered with IANA. These names MUST NOT
> >   contain the "@" character (0x40) is this is a tag for the user name
> >   space.
> >
> >   Names in the user name space consist of a UTF-8 string tag followed
> >   by "@" followed by a DNS domain name. Note that the tag MUST NOT
> >   contain an "@" character. For example, the "sample" tag used by
> >   Example Corporation could be "sample@example.com".
> >
> >   Names in a user space are owned and controlled by the owners of that
> >   domain. Obviously, it's of bad form to create a new name in a DNS
> >   space that you don't own.
> >
> >Where do you see the problem?
> 
> Doh! The problem lies between my chair and keyboard. Sorry.
> 
> A passing comment, though - if you want domain names to be a safe 
> extension mechanism, you should include a date, since they can change 
> hands (without consent of the current owner, even).

It's also worth noting that the naming rules are often ignored in
practice.  A year or two ago, I pulled a keyring from one of the
keyservers and enumerated the notation names.  I'd have to dig up my
notes from then, but I seem to recall that around 85-90% of them were
the string "COMMENT".

(Since then, GnuPG has refused to create notation names without a '@'
in them).

David



X-PGP-Universal: processed; by keys.merrymeet.com on Fri, 20 May 2005 15:32:35 -0700
In-Reply-To: <428CF900.9030505@algroup.co.uk>
References: <428CF900.9030505@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <8d5ad5a9f7affa48ec29be606193bec3@callas.org>
Content-Transfer-Encoding: 7bit
Cc: OpenPGP <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Key Algorithms?
Date: Fri, 20 May 2005 15:32:33 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 19 May 2005, at 1:37 PM, Ben Laurie wrote:

>
> Key algorithms ... these are used in various contexts, and there's a
> list in 9.1 - some of these are clearly unsuitable in some contexts -
> for example, one would not expect to see RSA Encrypt-Only (3) in a
> signature. But I can't find any language saying anything about
> this. Are there any rules?
>

All of these are deprecated or disallowed.


12.4. RSA

    There are algorithm types for RSA-signature-only, and
    RSA-encrypt-only keys. These types are deprecated. The "key flags"
    subpacket in a signature is a much better way to express the same
    idea, and generalizes it to all algorithms. An implementation SHOULD
    NOT create such a key, but MAY interpret it.

[...]

12.7. Reserved Algorithm Numbers

    A number of algorithm IDs have been reserved for algorithms that
    would be useful to use in an OpenPGP implementation, yet there are
    issues that prevent an implementer from actually implementing the
    algorithm. These are marked in the Public Algorithms section as
    "(reserved for)".

[...]

    Previous versions of OpenPGP permitted Elgamal [ELGAMAL] signatures
    with a public key identifier of 20. These are no longer permitted.
    An implementation MUST NOT generate such keys. An implementation
    MUST NOT generate Elgamal signatures.



X-PGP-Universal: processed; by keys.merrymeet.com on Fri, 20 May 2005 15:28:41 -0700
In-Reply-To: <428CF892.60809@algroup.co.uk>
References: <428CF892.60809@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <42ee6c4a9279d24e1080c6ff528024e4@callas.org>
Content-Transfer-Encoding: 7bit
Cc: OpenPGP <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Minor nit: Issuer vs. Issuer key ID
Date: Fri, 20 May 2005 15:28:40 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 19 May 2005, at 1:35 PM, Ben Laurie wrote:

>
> 5.2.3.5 Issuer
>
> should be:
>
> 5.2.3.5 Issuer key ID
>
> A tiny point, I know, but it made it hard to find.
>

Fixed in bis-14.

	Jon



Message-Id: <200505201935.PAA00365@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: i-d-announce@ietf.org
Cc: ietf-openpgp@imc.org
From: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-openpgp-rfc2440bis-13.txt
Date: Fri, 20 May 2005 15:35:07 -0400
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF.

	Title		: OpenPGP Message Format
	Author(s)	: J. Callas, et al.
	Filename	: draft-ietf-openpgp-rfc2440bis-13.txt
	Pages		: 72
	Date		: 2005-5-20
	
This document is maintained in order to publish all necessary
    information needed to develop interoperable applications based on
    the OpenPGP format. It is not a step-by-step cookbook for writing an
    application. It describes only the format and methods needed to
    read, check, generate, and write conforming packets crossing any
    network. It does not deal with storage and implementation questions.
    It does, however, discuss implementation issues necessary to avoid
    security flaws.

    OpenPGP software uses a combination of strong public-key and
    symmetric cryptography to provide security services for electronic
    communications and data storage.  These services include
    confidentiality, key management, authentication, and digital
    signatures. This document specifies the message formats used in
    OpenPGP.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-13.txt





Message-ID: <428DA39D.2050308@algroup.co.uk>
Date: Fri, 20 May 2005 09:45:17 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Werner Koch <wk@gnupg.org>
Cc: Jon Callas <jon@callas.org>, David Shaw <dshaw@jabberwocky.com>, ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
References: <20050511042836.91ACA57EE6@finney.org>	<87psvymdtl.fsf@wheatstone.g10code.de>	<20050511042836.91ACA57EE6@finney.org>	<20050511143536.GA27860@jabberwocky.com>	<7aa4a188ebe94c0c678f4f81c446ef7f@callas.org>	<428CFA76.3010908@algroup.co.uk> <874qcy2wcw.fsf@wheatstone.g10code.de>
In-Reply-To: <874qcy2wcw.fsf@wheatstone.g10code.de>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Werner Koch wrote:
> On Thu, 19 May 2005 21:43:34 +0100, Ben Laurie said:
> 
> 
>>This whole discussion scares me. You have an extension mechanism with
>>no registry for extensions.
> 
> 
> We do have a way to register extensions ([5.2.3.16. Notation Data]):
> 
>    The IETF name space is registered with IANA. These names MUST NOT
>    contain the "@" character (0x40) is this is a tag for the user name
>    space.
> 
>    Names in the user name space consist of a UTF-8 string tag followed
>    by "@" followed by a DNS domain name. Note that the tag MUST NOT
>    contain an "@" character. For example, the "sample" tag used by
>    Example Corporation could be "sample@example.com".
> 
>    Names in a user space are owned and controlled by the owners of that
>    domain. Obviously, it's of bad form to create a new name in a DNS
>    space that you don't own.
> 
> Where do you see the problem?

Doh! The problem lies between my chair and keyboard. Sorry.

A passing comment, though - if you want domain names to be a safe 
extension mechanism, you should include a date, since they can change 
hands (without consent of the current owner, even).

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



To: Ben Laurie <ben@algroup.co.uk>
Cc: Jon Callas <jon@callas.org>, David Shaw <dshaw@jabberwocky.com>, ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
References: <20050511042836.91ACA57EE6@finney.org> <87psvymdtl.fsf@wheatstone.g10code.de> <20050511042836.91ACA57EE6@finney.org> <20050511143536.GA27860@jabberwocky.com> <7aa4a188ebe94c0c678f4f81c446ef7f@callas.org> <428CFA76.3010908@algroup.co.uk>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Fri, 20 May 2005 09:24:31 +0200
In-Reply-To: <428CFA76.3010908@algroup.co.uk> (Ben Laurie's message of "Thu, 19 May 2005 21:43:34 +0100")
Message-ID: <874qcy2wcw.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Thu, 19 May 2005 21:43:34 +0100, Ben Laurie said:

> This whole discussion scares me. You have an extension mechanism with
> no registry for extensions.

We do have a way to register extensions ([5.2.3.16. Notation Data]):

   The IETF name space is registered with IANA. These names MUST NOT
   contain the "@" character (0x40) is this is a tag for the user name
   space.

   Names in the user name space consist of a UTF-8 string tag followed
   by "@" followed by a DNS domain name. Note that the tag MUST NOT
   contain an "@" character. For example, the "sample" tag used by
   Example Corporation could be "sample@example.com".

   Names in a user space are owned and controlled by the owners of that
   domain. Obviously, it's of bad form to create a new name in a DNS
   space that you don't own.

Where do you see the problem?


Salam-Shalom,

   Werner



Message-ID: <428CFA76.3010908@algroup.co.uk>
Date: Thu, 19 May 2005 21:43:34 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Cc: David Shaw <dshaw@jabberwocky.com>, ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
References: <20050511042836.91ACA57EE6@finney.org> <87psvymdtl.fsf@wheatstone.g10code.de> <20050511042836.91ACA57EE6@finney.org> <20050511143536.GA27860@jabberwocky.com> <7aa4a188ebe94c0c678f4f81c446ef7f@callas.org>
In-Reply-To: <7aa4a188ebe94c0c678f4f81c446ef7f@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Jon Callas wrote:
> 
> 
> On 11 May 2005, at 7:35 AM, David Shaw wrote:
> 
>>
>> On Tue, May 10, 2005 at 09:28:36PM -0700, "Hal Finney" wrote:
>>
>>>
>>> In my opinion, the critical bit on a notation packet should mean
>>> that the implementation needs to recognize that particular notation,
>>> not just notation packets in general.  Otherwise we would have no way
>>> of expressing the requirement that the particular notation packet be
>>> understood.
>>
>>
>> That makes good sense, and I agree.  However, the text in the draft
>> doesn't exactly say this (and rather implies the opposite).
>>
> 
> I agree with Hal. I don't think that the text in the draft implies the 
> opposite, however. Here's a quote:
> 
>    ... The
>    purpose of the critical bit is to allow the signer to tell an
>    evaluator that it would prefer a new, unknown feature to generate an
>    error than be ignored.
> 
> This says to me that if you see a notation you don't understand, you 
> should error out.
> 
> Notations are our extension mechanism. It strikes me as perverse to 
> think that you only have to know the general concept of extensions and 
> not the specific extension.
> 
>> I suggest adding this sentence (or similar) to the end of section
>> 5.2.3.16. Notation Data:
>>
>>   When used on a notation subpacket, the critical bit refers to that
>>   particular notation, and not to notation subpackets in general.
> 
> 
> I put in:
> 
>    If there is a critical notation, the criticality applies to that specific
>    notation and not to notations in general.
> 
> but I'll bet you a beer someone finds a creative way to misinterpret this.

This whole discussion scares me. You have an extension mechanism with no 
registry for extensions.

When these things get popular, it turns out everyone hates them. cf. DNS 
TXT records.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
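
The per-notation reading of the critical bit discussed in this thread, together with the "@" naming rule quoted from 5.2.3.16, as an added example that is not part of any message here or of any implementation's code. The subpacket area is constructed sample data, the function names are hypothetical, and only Notation Data subpackets are evaluated.

```python
import struct

NOTATION_DATA = 20    # subpacket type for Notation Data
CRITICAL_BIT = 0x80   # high bit of the subpacket type octet


class CriticalNotationError(Exception):
    """A critical notation was present whose name the evaluator does not understand."""


def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    pos = 0
    while pos < len(area):
        first = area[pos]
        if first < 192:                      # one-octet length
            length, pos = first, pos + 1
        elif first < 255:                    # two-octet length
            if pos + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length = ((first - 192) << 8) + area[pos + 1] + 192
            pos += 2
        else:                                # five-octet length
            if pos + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length = struct.unpack(">I", area[pos + 1:pos + 5])[0]
            pos += 5
        if length < 1 or pos + length > len(area):
            raise ValueError("truncated subpacket")
        type_octet = area[pos]
        yield (type_octet & 0x7F, bool(type_octet & CRITICAL_BIT),
               area[pos + 1:pos + length])
        pos += length


def parse_notation(body: bytes):
    """Notation body: 4 flag octets, 2-octet name length, 2-octet value length, name, value."""
    if len(body) < 8:
        raise ValueError("notation body too short")
    name_len, value_len = struct.unpack(">HH", body[4:8])
    if len(body) != 8 + name_len + value_len:
        raise ValueError("notation lengths do not match body")
    return body[8:8 + name_len].decode("utf-8"), body[8 + name_len:]


def namespace(name: str) -> str:
    """'ietf' if there is no '@' (registration is not checked), 'user' for tag@domain."""
    if "@" not in name:
        return "ietf"
    tag, _, domain = name.partition("@")
    if not tag or not domain or "@" in domain:
        return "invalid"
    return "user"


def evaluate_notations(hashed_area: bytes, understood: set):
    """Return [(name, namespace, critical)]; reject a critical notation not in `understood`.

    Knowing how to parse notation subpackets in general is not enough: the
    specific notation name has to be one the evaluator understands.
    """
    seen = []
    for sp_type, critical, body in iter_subpackets(hashed_area):
        if sp_type != NOTATION_DATA:
            continue
        name, _value = parse_notation(body)
        if critical and name not in understood:
            raise CriticalNotationError(name)
        seen.append((name, namespace(name), critical))
    return seen


def make_notation(name: str, value: str, critical: bool = False) -> bytes:
    """Build one human-readable notation subpacket (sample helper, body < 191 octets)."""
    n, v = name.encode("utf-8"), value.encode("utf-8")
    body = b"\x80\x00\x00\x00" + struct.pack(">HH", len(n), len(v)) + n + v
    type_octet = NOTATION_DATA | (CRITICAL_BIT if critical else 0)
    return bytes([len(body) + 1, type_octet]) + body


# Constructed sample: one critical user-space notation, one bare "COMMENT".
SAMPLE_AREA = (make_notation("sample@example.com", "1", critical=True)
               + make_notation("COMMENT", "hello"))

if __name__ == "__main__":
    print(evaluate_notations(SAMPLE_AREA, {"sample@example.com"}))
    try:
        evaluate_notations(SAMPLE_AREA, {"other@example.com"})
    except CriticalNotationError as exc:
        print("rejected, unknown critical notation:", exc)
```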



Message-ID: <428CF900.9030505@algroup.co.uk>
Date: Thu, 19 May 2005 21:37:20 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Key Algorithms?
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Key algorithms ... these are used in various contexts, and there's a
list in 9.1 - some of these are clearly unsuitable in some contexts -
for example, one would not expect to see RSA Encrypt-Only (3) in a
signature. But I can't find any language saying anything about
this. Are there any rules?

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Message-ID: <428CF892.60809@algroup.co.uk>
Date: Thu, 19 May 2005 21:35:30 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Minor nit: Issuer vs. Issuer key ID
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

5.2.3.5 Issuer

should be:

5.2.3.5 Issuer key ID

A tiny point, I know, but it made it hard to find.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



X-PGP-Universal: processed; by keys.merrymeet.com on Thu, 12 May 2005 15:16:15 -0700
In-Reply-To: <20050512154924.GA30354@jabberwocky.com>
References: <426E7C6E.3070108@algroup.co.uk> <9f380090fe85d7069d0122598b988a16@callas.org> <20050512154924.GA30354@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <99f3946047bf398122efad9e1b03ba66@callas.org>
Content-Transfer-Encoding: 7bit
Cc: OpenPGP <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Tag 11 unclear
Date: Thu, 12 May 2005 15:16:15 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 12 May 2005, at 8:49 AM, David Shaw wrote:

> Isn't _CONSOLE what is used when something shouldn't be saved as a
> file?  I'd say zero length just means that the sender didn't give a
> file name, whether because the data doesn't have one, or because the
> filename is private, or even because it just didn't want to.
>

No, _CONSOLE means "eyes only." Then you do whatever it is you do for 
eyes only.

> I think the 0 option for the literal timestamp is similar - it just
> means the sender didn't give a time.  The recipient can interpret that
> however it likes.
>

Again, I think there are three options: data mod date (typically 
meaning its source is a file), encrypt time, and decrypt time. The 
encryptor picks. The decryptor has no way of knowing which of the first 
two was picked.

	Jon



Date: Thu, 12 May 2005 11:49:24 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Tag 11 unclear
Message-ID: <20050512154924.GA30354@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <426E7C6E.3070108@algroup.co.uk> <9f380090fe85d7069d0122598b988a16@callas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9f380090fe85d7069d0122598b988a16@callas.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i

On Wed, May 11, 2005 at 05:19:01PM -0700, Jon Callas wrote:
> 
> >   " - File name as a string (one-octet length, followed by file name),
> >       if the encrypted data should be saved as a file."
> >
> >but no mention of what if it shouldn't be saved as a file. 0 length,
> >perhaps?
> >
> 
> That's what I'd do.

Isn't _CONSOLE what is used when something shouldn't be saved as a
file?  I'd say zero length just means that the sender didn't give a
file name, whether because the data doesn't have one, or because the
filename is private, or even because it just didn't want to.

I think the 0 option for the literal timestamp is similar - it just
means the sender didn't give a time.  The recipient can interpret that
however it likes.

David



Message-ID: <42836841.5010408@algroup.co.uk>
Date: Thu, 12 May 2005 15:29:21 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Tag 11 unclear
References: <426E7C6E.3070108@algroup.co.uk> <9f380090fe85d7069d0122598b988a16@callas.org>
In-Reply-To: <9f380090fe85d7069d0122598b988a16@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Jon Callas wrote:
>>    " - File name as a string (one-octet length, followed by file name),
>>        if the encrypted data should be saved as a file."
>>
>> but no mention of what if it shouldn't be saved as a file. 0 length,
>> perhaps?
>>
> 
> That's what I'd do.
> 
>> Then:
>>
>>    " - A four-octet number that indicates the modification date of the
>>        file, or the creation time of the packet, or a zero that
>>        indicates the present time."
>>
>> I would _guess_ that it means modification date of the file if there's
>> a filename, the creation time if there isn't. I have no idea what zero
>> is supposed to mean. Nothing, would be the obvious interpretation -
>> "the present time" is nonsensical.
>>
> 
> I think that the major problem is that OpenPGP gets used for a lot of 
> things, and this is giving latitude, which always means lack of clarity. 
> This dates back at least as far as RFC 1991, which says:
> 
>    ... Field (d) [labeled previously as "a time field"] should be the
>    time at which the file was last modified, or the time at which the
>    data packet was created, or 0.
> 
> Which is even less helpful, as it doesn't tell us about the zero option. 
> Unfortunately, this is not only ambiguous, but insufficient.
> 
> Let's presume that I've decrypted a packet. If I'm storing that in a 
> file, it seems to me that I should take that time field and make it be 
> the creation and modification date of the file, or now if it's zero. If 
> I'm putting it in a text widget (for example), then obviously I don't do 
> anything as the time doesn't really apply.
> 
> If I am creating a literal packet, I have several options. One is that I 
> take the modification time of the file, assuming it's available. 
> Personally, I think if you're transferring files around, you should 
> preserve the creation time and the modification time, but I'm fussy that 
> way.
> 
> The next option that I have is to put the current time in there. The 
> reason I might do that is if I think I'm leaking data by doing it, or -- 
> whatever. If I don't want to put the modification time of the data in 
> the packet, I can put "now" in there.

The obvious "whatever" is when the source is not otherwise dated, such 
as the user typing at a keyboard, or the output of a pipe.

> The last option is that if I don't want to use *my* now, but the 
> *recipient's* now, I can put a zero in there.
> 
> It's completely up to me to decide for whatever arcane reasons I have 
> which of those is the right thing to do.
> 
> I added to the end of the paragraph there: "It is up to the creator of 
> the packet which of these they use." Does that help?

Not really. My objection to the wording is that it makes no sense. That 
is, the time field has three alleged possible meanings:

a) last modification time of file

b) creation time of packet

c) now

we have no way to tell whether a) or b) is meant, unless we link that to 
the presence of a filename, and having a time field mean "now" without 
saying what "now" is supposed to apply to makes no sense whatsoever.

I can't even see how to fix that and retain the "now"ness - if we say it 
applies to the file or the packet, that's clearly untrue. So what does 
it apply to? The only thing that makes sense to me is to define 0 as 
"the sender has declined to provide a time".

As before, if we can agree on this, I'll produce proposed words.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



In-Reply-To: <426E7C6E.3070108@algroup.co.uk>
References: <426E7C6E.3070108@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <9f380090fe85d7069d0122598b988a16@callas.org>
Content-Transfer-Encoding: 7bit
Cc: OpenPGP <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Tag 11 unclear
Date: Wed, 11 May 2005 17:19:01 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.622)

>    " - File name as a string (one-octet length, followed by file name),
>        if the encrypted data should be saved as a file."
>
> but no mention of what if it shouldn't be saved as a file. 0 length,
> perhaps?
>

That's what I'd do.

> Then:
>
>    " - A four-octet number that indicates the modification date of the
>        file, or the creation time of the packet, or a zero that
>        indicates the present time."
>
> I would _guess_ that it means modification date of the file if there's
> a filename, the creation time if there isn't. I have no idea what zero
> is supposed to mean. Nothing, would be the obvious interpretation -
> "the present time" is nonsensical.
>

I think that the major problem is that OpenPGP gets used for a lot of 
things, and this is giving latitude, which always means lack of 
clarity. This dates back at least as far as RFC 1991, which says:

    ... Field (d) [labeled previously as "a time field"] should be the
    time at which the file was last modified, or the time at which the
    data packet was created, or 0.

Which is even less helpful, as it doesn't tell us about the zero 
option. Unfortunately, this is not only ambiguous, but insufficient.

Let's presume that I've decrypted a packet. If I'm storing that in a 
file, it seems to me that I should take that time field and make it be 
the creation and modification date of the file, or now if it's zero. If 
I'm putting it in a text widget (for example), then obviously I don't 
do anything as the time doesn't really apply.

If I am creating a literal packet, I have several options. One is that 
I take the modification time of the file, assuming it's available. 
Personally, I think if you're transferring files around, you should 
preserve the creation time and the modification time, but I'm fussy 
that way.

The next option that I have is to put the current time in there. The 
reason I might do that is if I think I'm leaking data by doing it, or 
-- whatever. If I don't want to put the modification time of the data 
in the packet, I can put "now" in there.

The last option is that if I don't want to use *my* now, but the 
*recipient's* now, I can put a zero in there.

It's completely up to me to decide for whatever arcane reasons I have 
which of those is the right thing to do.

I added to the end of the paragraph there: "It is up to the creator of 
the packet which of these they use." Does that help?

	Jon
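
An added example, not part of the thread: a Python parser for the Literal Data (tag 11) body fields quoted above, followed by the receiver behaviour Jon describes (use the time field when saving, fall back to the recipient's clock when it is zero, apply no time for _CONSOLE). The function names, the plan_output policy and the sample values are assumptions made for this illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

EYES_ONLY_NAME = b"_CONSOLE"  # special name the thread reads as "eyes only"


@dataclass
class LiteralData:
    fmt: str                    # format octet, e.g. 'b' (binary) or 't' (text)
    filename: Optional[bytes]   # None when the one-octet length is 0
    eyes_only: bool             # True when the name is _CONSOLE
    timestamp: Optional[int]    # None when the four-octet field is 0
    data: bytes


def build_literal_body(fmt: bytes, name: bytes, timestamp: int, data: bytes) -> bytes:
    """Build a literal packet body (used here only to construct sample input)."""
    if len(fmt) != 1 or len(name) > 255:
        raise ValueError("format is one octet; file name length must fit one octet")
    return fmt + bytes([len(name)]) + name + struct.pack(">I", timestamp) + data


def parse_literal_body(body: bytes) -> LiteralData:
    """Split a literal packet body into format, file name, time and data."""
    if len(body) < 6:  # format + name length + four-octet time
        raise ValueError("literal body shorter than its fixed fields")
    name_len = body[1]
    end_name = 2 + name_len
    if len(body) < end_name + 4:
        raise ValueError("truncated file name or time field")
    name = body[2:end_name]
    (ts,) = struct.unpack(">I", body[end_name:end_name + 4])
    return LiteralData(
        fmt=chr(body[0]),
        filename=name or None,
        eyes_only=(name == EYES_ONLY_NAME),
        timestamp=ts or None,
        data=body[end_name + 4:],
    )


def plan_output(pkt: LiteralData, now: int) -> Tuple[str, Optional[bytes], Optional[int]]:
    """Return (action, name, mtime) following the receiver logic in the message above.

    Assumed policy for this example: _CONSOLE data is only displayed and gets
    no time; otherwise a zero time field resolves to the recipient's clock.
    The receiver cannot tell whether a non-zero value was the file's
    modification time or the packet creation time.
    """
    if pkt.eyes_only:
        return ("display", None, None)
    mtime = pkt.timestamp if pkt.timestamp is not None else now
    if pkt.filename is None:
        return ("unnamed", None, mtime)   # sender gave no name; caller picks one
    return ("save", pkt.filename, mtime)


if __name__ == "__main__":
    now = 1115900000  # constructed "recipient's now"
    samples = [
        build_literal_body(b"b", b"report.txt", 1115856000, b"hello"),
        build_literal_body(b"t", b"", 0, b"typed at a keyboard"),
        build_literal_body(b"t", b"_CONSOLE", 0, b"for your eyes only"),
    ]
    for raw in samples:
        print(plan_output(parse_literal_body(raw), now))
```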



In-Reply-To: <426E366B.4030806@algroup.co.uk>
References: <426E366B.4030806@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <faf98f3f58f293de1f0c119338d55671@callas.org>
Content-Transfer-Encoding: 7bit
Cc: OpenPGP <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Editorial Nit
Date: Wed, 11 May 2005 16:56:13 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.622)

On 26 Apr 2005, at 5:39 AM, Ben Laurie wrote:

>
> 5.2.3.7. Preferred symmetric algorithms
>
>    (sequence of one-octet values)
>
> 5.2.3.8. Preferred hash algorithms
>
>    (array of one-octet values)
>
> It seems these (and others) should all either say "sequence" or 
> "array".
>

I changed them all to "array" for no particular reason other than I 
think I like it better today.

	Jon



In-Reply-To: <20050511143536.GA27860@jabberwocky.com>
References: <20050511042836.91ACA57EE6@finney.org> <87psvymdtl.fsf@wheatstone.g10code.de> <20050511042836.91ACA57EE6@finney.org> <20050511143536.GA27860@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <7aa4a188ebe94c0c678f4f81c446ef7f@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Critical bits and notations
Date: Wed, 11 May 2005 16:54:01 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.622)

On 11 May 2005, at 7:35 AM, David Shaw wrote:

>
> On Tue, May 10, 2005 at 09:28:36PM -0700, "Hal Finney" wrote:
>>
>> In my opinion, the critical bit on a notation packet should mean
>> that the implementation needs to recognize that particular notation,
>> not just notation packets in general.  Otherwise we would have no way
>> of expressing the requirement that the particular notation packet be
>> understood.
>
> That makes good sense, and I agree.  However, the text in the draft
> doesn't exactly say this (and rather implies the opposite).
>

I agree with Hal. I don't think that the text in the draft implies the 
opposite, however. Here's a quote:

    ... The
    purpose of the critical bit is to allow the signer to tell an
    evaluator that it would prefer a new, unknown feature to generate an
    error than be ignored.

This says to me that if you see a notation you don't understand, you 
should error out.

Notations are our extension mechanism. It strikes me as perverse to 
think that you only have to know the general concept of extensions and 
not the specific extension.

> I suggest adding this sentence (or similar) to the end of section
> 5.2.3.16. Notation Data:
>
>   When used on a notation subpacket, the critical bit refers to that
>   particular notation, and not to notation subpackets in general.

I put in:

    If there is a critical notation, the criticality applies to that
    specific notation and not to notations in general.

but I'll bet you a beer someone finds a creative way to misinterpret 
this.

	Jon
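
An added example, not part of the thread: a Python evaluator for a signature subpacket area that applies the critical bit to the specific notation name, with the "notations in general" reading available as per_notation=False for comparison. The notation names, function names and sample area are constructed for this illustration.

```python
import struct

NOTATION_DATA = 20    # signature subpacket type for Notation Data
CRITICAL_BIT = 0x80   # high bit of the subpacket type octet


class CriticalSubpacketError(Exception):
    """A critical subpacket or notation was not understood."""


def encode_length(n: int) -> bytes:
    """Encode a subpacket length (one, two or five octets)."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def notation_subpacket(name: str, value: bytes, critical: bool) -> bytes:
    """Build one notation subpacket (used only to construct sample input)."""
    raw = name.encode("utf-8")
    body = b"\x80\x00\x00\x00" + struct.pack(">HH", len(raw), len(value)) + raw + value
    type_octet = NOTATION_DATA | (CRITICAL_BIT if critical else 0)
    return encode_length(1 + len(body)) + bytes([type_octet]) + body


def iter_subpackets(area: bytes):
    """Yield (critical, type, body) for each subpacket in the area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            if i + 2 > len(area):
                raise ValueError("truncated two-octet length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            if i + 5 > len(area):
                raise ValueError("truncated five-octet length")
            (length,) = struct.unpack(">I", area[i + 1:i + 5])
            i += 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        type_octet = area[i]
        yield bool(type_octet & CRITICAL_BIT), type_octet & 0x7F, area[i + 1:i + length]
        i += length


def parse_notation(body: bytes):
    """Return (name, value) from a notation subpacket body."""
    if len(body) < 8:  # four flag octets + two length fields
        raise ValueError("notation body shorter than its fixed fields")
    name_len, value_len = struct.unpack(">HH", body[4:8])
    if len(body) != 8 + name_len + value_len:
        raise ValueError("notation lengths do not match subpacket length")
    return body[8:8 + name_len].decode("utf-8"), body[8 + name_len:]


def evaluate_notations(area, known_notations, per_notation=True,
                       known_types=frozenset({NOTATION_DATA})):
    """Return [(name, value, understood)] or raise on an unknown critical item.

    per_notation=True: a critical notation whose *name* is unknown is an error.
    per_notation=False: knowing subpacket type 20 is treated as enough, so an
    unknown critical notation is silently passed over.
    """
    results = []
    for critical, sp_type, body in iter_subpackets(area):
        if sp_type != NOTATION_DATA:
            if critical and sp_type not in known_types:
                raise CriticalSubpacketError(f"unknown critical subpacket type {sp_type}")
            continue
        name, value = parse_notation(body)
        understood = name in known_notations
        if critical and not understood and per_notation:
            raise CriticalSubpacketError(f"unknown critical notation {name!r}")
        results.append((name, value, understood))
    return results


# Constructed sample: one ordinary notation, one critical notation.
SAMPLE_AREA = (notation_subpacket("comment@example.org", b"hello", False)
               + notation_subpacket("policy@example.org", b"x" * 200, True))

if __name__ == "__main__":
    print(evaluate_notations(SAMPLE_AREA, {"comment@example.org"}, per_notation=False))
    try:
        evaluate_notations(SAMPLE_AREA, {"comment@example.org"})
    except CriticalSubpacketError as exc:
        print("rejected:", exc)
```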





In-Reply-To: <42821519.6070402@hobthross.com>
References: <42821519.6070402@hobthross.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <bb72d548fc4b509458b779f67c3fafa7@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: minor comments on draft-ietf-openpgp-rfc2440bis-12.txt
Date: Wed, 11 May 2005 16:42:45 -0700
To: Rachel Willmer <rachel@hobthross.com>
X-Mailer: Apple Mail (2.622)

On 11 May 2005, at 7:22 AM, Rachel Willmer wrote:

>
> Minor nitpicks:
>
> 1/ 5.2.3.23 "Reason for revocation"
>
> "superceded" should be "superseded"

Done. Both occurrences.

>
> 2/ Sections 5.2.3.8 and 5.2.3.9 both reference algorithm lists in
> section 6, which is currently the section entitled "Radix-64
> conversions". I suspect the reference should be to Section 9.
>

Done.

	Jon



Date: Wed, 11 May 2005 18:09:01 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Tag 11 unclear
Message-ID: <20050511220901.GC28377@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050511215133.93CDC57E8C@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050511215133.93CDC57E8C@finney.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i

On Wed, May 11, 2005 at 02:51:33PM -0700, "Hal Finney" wrote:
> 
> David Shaw writes:
> > What about (onepass, literal, literal, literal, sig) ?  Treat as the
> > multiple literal bodies concatenated together?
> 
> I don't think we should allow this.  There are too many potentials
> for mischief due to the absence of boundary information feeding into
> the signature.

Note that this is currently legal syntax in the grammar.

(I actually suggested the run-of-literal-packets grammar change to
resolve a problem elsewhere in the document, but that doesn't mean I
was right).

David



To: ietf-openpgp@imc.org
Subject: Re: Tag 11 unclear
Message-Id: <20050511215133.93CDC57E8C@finney.org>
Date: Wed, 11 May 2005 14:51:33 -0700 (PDT)
From: hal@finney.org ("Hal Finney")

David Shaw writes:
> What about (onepass, literal, literal, literal, sig) ?  Treat as the
> multiple literal bodies concatenated together?

I don't think we should allow this.  There are too many potentials
for mischief due to the absence of boundary information feeding into
the signature.

Hal



Date: Wed, 11 May 2005 17:25:28 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Tag 11 unclear
Message-ID: <20050511212528.GA28377@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050426190223.2DA7B57EE7@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050426190223.2DA7B57EE7@finney.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i

On Tue, Apr 26, 2005 at 12:02:23PM -0700, "Hal Finney" wrote:
> We might also want to note here that literal packet headers are not
> signed, unless the literal packet is first wrapped in another packet
> such as a compressed packet.  Only the body of a literal packet is
> signed in a message which consists of sig-packet, literal-packet.
> (Or sig1-packet, literal-packet, sig-packet)

What about (onepass, literal, literal, literal, sig) ?  Treat as the
multiple literal bodies concatenated together?

David
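
An added example, not part of the thread: a Python check of what a verifier would hash if a run of literal packets were treated as their bodies concatenated, showing that two different packetizations (and different unsigned file names and times) produce the same signed input. Only the document portion of the hash input is modelled, SHA-256 stands in for whatever hash the signature names, and the length-prefixed variant is an assumption added for contrast, not something the draft specifies.

```python
import hashlib
import struct


def literal_body(name: bytes, timestamp: int, data: bytes) -> bytes:
    """Build a binary literal packet body: format, name length, name, time, data."""
    return b"b" + bytes([len(name)]) + name + struct.pack(">I", timestamp) + data


def literal_payload(body: bytes) -> bytes:
    """Return only the data portion; the header fields are not signed."""
    name_len = body[1]
    return body[2 + name_len + 4:]


def signed_input_concatenated(bodies) -> bytes:
    """Hash input if several literal bodies are simply run together."""
    return b"".join(literal_payload(b) for b in bodies)


def signed_input_framed(bodies) -> bytes:
    """Contrast case (assumption): each payload prefixed with its length."""
    out = b""
    for b in bodies:
        payload = literal_payload(b)
        out += struct.pack(">I", len(payload)) + payload
    return out


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed samples: same concatenated text, different packet boundaries,
# different (unsigned) file names and time fields.
MESSAGE_A = [
    literal_body(b"a.txt", 100, b"transfer 1"),
    literal_body(b"b.txt", 200, b"00 EUR"),
]
MESSAGE_B = [
    literal_body(b"x", 0, b"transfer 100"),
    literal_body(b"", 0, b" EUR"),
]

if __name__ == "__main__":
    same = digest(signed_input_concatenated(MESSAGE_A)) == \
        digest(signed_input_concatenated(MESSAGE_B))
    differ = digest(signed_input_framed(MESSAGE_A)) != \
        digest(signed_input_framed(MESSAGE_B))
    print("concatenated digests equal:", same)
    print("framed digests differ:", differ)
```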



Date: Wed, 11 May 2005 10:35:36 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
Message-ID: <20050511143536.GA27860@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050511042836.91ACA57EE6@finney.org> <87psvymdtl.fsf@wheatstone.g10code.de> <20050511042836.91ACA57EE6@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87psvymdtl.fsf@wheatstone.g10code.de> <20050511042836.91ACA57EE6@finney.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i

On Tue, May 10, 2005 at 09:28:36PM -0700, "Hal Finney" wrote:
> 
> In my opinion, the critical bit on a notation packet should mean
> that the implementation needs to recognize that particular notation,
> not just notation packets in general.  Otherwise we would have no way
> of expressing the requirement that the particular notation packet be
> understood.

That makes good sense, and I agree.  However, the text in the draft
doesn't exactly say this (and rather implies the opposite).

I suggest adding this sentence (or similar) to the end of section
5.2.3.16. Notation Data:

  When used on a notation subpacket, the critical bit refers to that
  particular notation, and not to notation subpackets in general.

David



Message-ID: <42821519.6070402@hobthross.com>
Date: Wed, 11 May 2005 15:22:17 +0100
From: Rachel Willmer <rachel@hobthross.com>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050404)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: minor comments on draft-ietf-openpgp-rfc2440bis-12.txt
X-Enigmail-Version: 0.90.2.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Minor nitpicks:

1/ 5.2.3.23 "Reason for revocation"

"superceded" should be "superseded"

2/ Sections 5.2.3.8 and 5.2.3.9 both reference algorithm lists in
section 6, which is currently the section entitled "Radix-64
conversions". I suspect the reference should be to Section 9.

Rachel



To: hal@finney.org ("Hal Finney")
Cc: dshaw@jabberwocky.com, ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
References: <20050511042836.91ACA57EE6@finney.org>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Wed, 11 May 2005 09:17:26 +0200
In-Reply-To: <20050511042836.91ACA57EE6@finney.org> (Hal Finney's message of "Tue, 10 May 2005 21:28:36 -0700 (PDT)")
Message-ID: <87psvymdtl.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Tue, 10 May 2005 21:28:36 -0700 (PDT), "Hal Finney" said:

> In my opinion, the critical bit on a notation packet should mean
> that the implementation needs to recognize that particular notation,
> not just notation packets in general.  Otherwise we would have no way

I agree.  This matches the way the critical flag of CMS' extended
attributes is used.


Shalom-Salam,

   Werner



To: dshaw@jabberwocky.com, ietf-openpgp@imc.org
Subject: Re: Critical bits and notations
Message-Id: <20050511042836.91ACA57EE6@finney.org>
Date: Tue, 10 May 2005 21:28:36 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

In my opinion, the critical bit on a notation packet should mean
that the implementation needs to recognize that particular notation,
not just notation packets in general.  Otherwise we would have no way
of expressing the requirement that the particular notation packet be
understood.

I also wouldn't say that human-readable means that it is enough to display
it.  My interpretation of human-readable is that it is OK to display it
to a person, i.e. that the data is in UTF-8, but not that displaying it
to a person is sufficient to claim full support of the packet.

Hal Finney



Date: Tue, 10 May 2005 23:43:19 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Critical bits and notations
Message-ID: <20050511034319.GA24832@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Here's an odd corner case, one that I'd be grateful for some thoughts
on: what does the critical bit mean in the context of a signature
notation?  Does the critical bit refer to support of the notation
subpacket in general, or to the specific notation given in the
critical notation subpacket?

For example, take an implementation that can read notations, and
specifically understands and acts on the "foo" notation.  Given that,
it's very clear that this implementation should accept a critical
notation "foo=1".  Now try a critical notation of "bar=2".  Should the
implementation accept it because it knows what a notation is, and
implements notations, or should it reject it because it doesn't know
what the specific "bar" notation is?

The draft has this to say on the subject of critical bits for
signature subpackets:

   Bit 7 of the subpacket type is the "critical" bit.  If set, it
   denotes that the subpacket is one that is critical for the
   evaluator of the signature to recognize.  If a subpacket is
   encountered that is marked critical but is unknown to the
   evaluating software, the evaluator SHOULD consider the signature to
   be in error.

   An evaluator may "recognize" a subpacket, but not implement it. The
   purpose of the critical bit is to allow the signer to tell an
   evaluator that it would prefer a new, unknown feature to generate
   an error than be ignored.

According to this, it would seem that a critical bit on a notation
refers to support for the notation subpacket
(i.e. notations in general).  However, this seems a bit less useful
than it could be, since the main idea of notations is to be able to
add interesting things to the standard later.  A critical bit that
applied to the specific notation seems more useful.

How does human-readable fit into this - if a notation is
human-readable, is it sufficient to display the notation to a human to
say that it is "recognized"?

David
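
[Added example, not part of any message in this thread and not code from any OpenPGP implementation: a small evaluator for a signature subpacket area that applies the critical bit either to the notation subpacket type in general or to the specific notation name, using the "foo"/"bar" case from the message above. The set of known subpacket types, the known-notation list, and the helper names are assumptions made for illustration.]

```python
import struct

NOTATION = 20                  # Notation Data subpacket type
KNOWN_TYPES = {2, NOTATION}    # assumption: evaluator implements creation time + notations
KNOWN_NOTATIONS = {"foo"}      # the thread's example: only "foo" is understood

def subpackets(area: bytes):
    """Yield (critical, type, body); bit 7 of the type octet is the critical bit."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield bool(area[i] & 0x80), area[i] & 0x7F, area[i + 1:i + length]
        i += length

def parse_notation(body: bytes):
    """Return (human_readable, name, value) from a Notation Data body."""
    flags, nlen, vlen = struct.unpack(">IHH", body[:8])
    if len(body) != 8 + nlen + vlen:
        raise ValueError("notation length mismatch")
    return bool(flags & 0x80000000), body[8:8 + nlen].decode("utf-8"), body[8 + nlen:]

def evaluate(area: bytes, per_notation: bool = True):
    """Return (ok, reason); per_notation=False is the 'notations in general' reading."""
    try:
        for critical, typ, body in subpackets(area):
            if typ not in KNOWN_TYPES and critical:
                return False, f"unknown critical subpacket type {typ}"
            if typ == NOTATION:
                _, name, _ = parse_notation(body)
                if critical and per_notation and name not in KNOWN_NOTATIONS:
                    return False, f"unknown critical notation {name!r}"
    except (ValueError, IndexError, struct.error) as exc:
        return False, f"malformed subpacket area: {exc}"
    return True, "ok"

def notation(name: str, value: str, critical: bool) -> bytes:
    """Build a human-readable notation subpacket (constructed sample input)."""
    n, v = name.encode(), value.encode()
    body = struct.pack(">IHH", 0x80000000, len(n), len(v)) + n + v
    return bytes([len(body) + 1, NOTATION | (0x80 if critical else 0)]) + body
```

[Under the per-notation reading a critical "bar=2" fails evaluation while a non-critical one is ignored; under the general reading both pass, which leaves a signer no way to require that "bar" be understood.]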


