Re: [PATCH] emacs: wash: make word-wrap bound message width

[notmuch-archives.git] / ac / 403796c9ae7c96e6856ac97950e6864abb7c55

Return-Path: <dkg@fifthhorseman.net>\r
X-Original-To: notmuch@notmuchmail.org\r
Delivered-To: notmuch@notmuchmail.org\r
Received: from localhost (localhost [127.0.0.1])\r
        by olra.theworths.org (Postfix) with ESMTP id 759FB431FB6\r
        for <notmuch@notmuchmail.org>; Mon, 17 Jan 2011 17:54:14 -0800 (PST)\r
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
X-Spam-Flag: NO\r
X-Spam-Score: 0\r
X-Spam-Level: \r
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]\r
        autolearn=disabled\r
Received: from olra.theworths.org ([127.0.0.1])\r
        by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
        with ESMTP id tOQne-EvelHk for <notmuch@notmuchmail.org>;\r
        Mon, 17 Jan 2011 17:54:13 -0800 (PST)\r
X-Greylist: delayed 392 seconds by postgrey-1.32 at olra;\r
        Mon, 17 Jan 2011 17:54:13 PST\r
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
        by olra.theworths.org (Postfix) with ESMTP id 5AC46431FB5\r
        for <notmuch@notmuchmail.org>; Mon, 17 Jan 2011 17:54:13 -0800 (PST)\r
Received: from [192.168.13.75] (lair.fifthhorseman.net [216.254.116.241])\r
        by che.mayfirst.org (Postfix) with ESMTPSA id CBC87F987;\r
        Mon, 17 Jan 2011 20:47:39 -0500 (EST)\r
Message-ID: <4D34F133.3000807@fifthhorseman.net>\r
Date: Mon, 17 Jan 2011 20:47:31 -0500\r
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;\r
        rv:1.9.2.13) Gecko/20101213 Icedove/3.1.7\r
MIME-Version: 1.0\r
To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>\r
Subject: including the entire fingerprint of the issuer in an OpenPGP\r
        certification\r
X-Enigmail-Version: 1.1.2\r
Content-Type: multipart/signed; micalg=pgp-sha512;\r
        protocol="application/pgp-signature";\r
        boundary="------------enigFBFACFA426B5BF54C7C24A9A"\r
Cc: notmuch <notmuch@notmuchmail.org>\r
X-BeenThere: notmuch@notmuchmail.org\r
X-Mailman-Version: 2.1.13\r
Precedence: list\r
Reply-To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>\r
List-Id: "Use and development of the notmuch mail system."\r
        <notmuch.notmuchmail.org>\r
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
        <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
List-Post: <mailto:notmuch@notmuchmail.org>\r
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
        <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
X-List-Received-Date: Tue, 18 Jan 2011 01:54:14 -0000\r
\r
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)\r
--------------enigFBFACFA426B5BF54C7C24A9A\r
Content-Type: text/plain; charset=UTF-8\r
Content-Transfer-Encoding: quoted-printable\r
\r
Hi OpenPGP folks (and Cc'ed notmuch developers/users)--\r
\r
Some recent discussion about verifying OpenPGP signatures for the\r
notmuch mail user agent got me thinking about different ways one might\r
interpret a negative result from a signature made over a message.\r
\r
Most OpenPGP signatures i've seen use the (unhashed) issuer subpacket to\r
refer to the low 64 bits of the fingerprint of the issuer's key (the\r
issuer's "key ID"):\r
\r
 https://tools.ietf.org/html/rfc4880#section-5.2.3.5\r
\r
Given that we can't assume that key IDs are unique with any high degree\r
of confidence, this creates some ambiguity between these states:\r
\r
 A) "you don't have the key that made this signature"\r
\r
 B) "this signature is bad"\r
\r
a user-friendly MUA that thinks it is in state A might do something\r
sensible like offer to do a keyserver lookup (if it is online), while\r
simply reporting "signature error" if it thinks it is in state B.\r
\r
But a devious attacker could potentially create a colliding Key ID (i\r
believe collisions of the low 64 bits of SHA1 are within reach today,\r
i'd love to be corrected if this is not the case) and cause the\r
user-friendly MUA to assume it is in state B when it is actually in\r
state A.  The attacker doesn't even need access to the message or\r
signature in question to do this.  They'd only need to have been able to\r
supply a key to the user at some time in the past.  (e.g. push a new\r
subkey to the keyservers which a user pulls during a keyring refresh)\r
\r
One way around this ambiguity would be to include the issuer's entire\r
fingerprint instead of just the low 64 bits, which would make the\r
certainty of state A vs. state B much clearer.\r
\r
Would there be any objection to a new subpacket type for OpenPGPv4 that\r
would include the remaining 96 bits of the issuer's fingerprint?  (the\r
"high 96" proposal)\r
\r
Alternately, what about a new subpacket type that simply includes the\r
entire 160 bits of the issuer's fingerprint?   (the "full fingerprint"\r
proposal)\r
\r
A third proposal would be a new subpacket type that simply includes the\r
entire public key of the issuer (the "full pubkey" proposal).\r
\r
I lean toward "high 96", since using it in conjunction with the issuer\r
subpacket retains backward compatibility with existing tools (which know\r
how to interpret the issuer subpacket) while introducing the smallest\r
amount of additional data per signature.\r
\r
Given that the size of a signature from a 2048-bit RSA key is 256 bytes\r
already, adding an additional 12 bytes (plus a few bytes of subpacket\r
overhead) per signature doesn't seem particularly excessive.\r
\r
I'm also assuming that the typical use of this subpacket would be in the\r
unhashed section of a signature packet, since it is an advisory field\r
and not intended to address attacks against an adversary capable of\r
tampering directly with the data in the signature itself.\r
\r
I will write code to implement this using an experimental subpacket ID,\r
but i'd like to know if anyone has any caveats, concerns, or preferences\r
between the proposals i've outlined above (or entirely different\r
proposals that would address the underlying concern).\r
\r
Any thoughts?\r
\r
Regards,\r
\r
        --dkg\r
\r
\r
--------------enigFBFACFA426B5BF54C7C24A9A\r
Content-Type: application/pgp-signature; name="signature.asc"\r
Content-Description: OpenPGP digital signature\r
Content-Disposition: attachment; filename="signature.asc"\r
\r
-----BEGIN PGP SIGNATURE-----\r
Version: GnuPG v1.4.11 (GNU/Linux)\r
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r
\r
iQIcBAEBCgAGBQJNNPEzAAoJEMzS7ZTSFznpto0P/2cuF3qAuFZQru7IABrZiYvx\r
r7W45B1wY+wlniVtgPqlviDuxY6AOIaubIMU+Tkp+805C8XfvZVLNRExlOAxF/K9\r
paoNHkX18dys2HVK9EHosS71c866iK+cK736U9XUIKvI9w5pTFXPevFLnCDTbuge\r
ZWVG6LCJ22UqIDsRpMSlO6NmR7w0+0DBwfNS56K6FwXZxWUc9VgPq7O7H3B0/S1K\r
qFUktRg4W6Rs0jZbiIVVNa9n6YJFfQnjZC0Nl1suJmJECm0zx3KJGu0CUeegqnmj\r
15G7TytUv1EELxlHMjMXRjBs3MLuSytL1aPu8v+Fbg1NyRuNdZWDqCoxCedXzJJ+\r
7x9Ztbk/XcQllXGQTnrJcicmVjDapp2wGge2YYwdzVLzxcNdEaO+vBYDewx2/QCN\r
4xIWtghVACDaImFgvX5KnbFkYlyHIudlLSEdFqmXS70U1R50JS6MtePTQEFxohAB\r
j3MaDUSrMcp7oKRBg/0HPHw4n0iKnTpG40XeKodSM52KU+RPvjtJQPb/gP/alBmb\r
nwp1bqpBzIaboXYnmA1AhFZg9sILj930OJN97A1Ipu5ucSvvLjeSn/ndZgLDFXcm\r
64Xq+Bdxvyfv7B+rveqQCiaZgYKBvDGM/p4MlRyCUAx7VZHbbvOY3PL0L3ikbK1F\r
77U94cUaFjqGgW0N9k8p\r
=zeOX\r
-----END PGP SIGNATURE-----\r
\r
--------------enigFBFACFA426B5BF54C7C24A9A--\r