ietf-openpgp

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: Fix revocation keys instead of fingerprints? (was Re: Non-SHA-1 fingerprints) Daniel A. Nagy Thu May 07 11:01:01 2009

Hello,

David Shaw wrote:
> On May 5, 2009, at 2:13 AM, Daniel A. Nagy wrote:
> 
>> Hi,
>>
>> David Shaw wrote:
>>> It's a larger problem than just fingerprints.  We also use a fingerprint
>>> as a specifier inside the revocation key subpacket, to designate which
>>> key can be used to issue revocations on our behalf.  The thing is,
>>> though, a fingerprint isn't really a very good revocation key specifier:
>>>
>>> Fingerprints:
>>> * Must be human-readable
>>> * Needs to be small to be useful
>>> * Can collide to some small amount (4880 even documents that they
>>> collide in section 12.2)
>>
>> That's not the fingerprint. That's the key ID.
> 
> A nit, but that really is the fingerprint.
> 
> 12.2:
> 
>    Note that there is a much smaller, but still non-zero, probability
> that two different keys have the same fingerprint.

While the probability is non-zero, but it is roughly equal to accidentally
guessing the discrete logarithm of a DSA key or a prime factor of the RSA key.

> It's not exactly *likely*, but it's not quite zero.  I heard a
> urban-legendish story once about someone who (completely accidentally)
> generated a key that just happened to have a fingerprint collision with
> someone else's key.  Unfortunately, thinking it was a bug, they deleted
> the key... make of that what you will :)

There WAS a bug and he did the right thing.

-- 
Daniel