b0/29c9d0c220b7b85d6533120c1bbda6a4115573

   1 Return-Path: <pgut001@login01.cs.auckland.ac.nz>\r
   2 X-Original-To: notmuch@notmuchmail.org\r
   3 Delivered-To: notmuch@notmuchmail.org\r
   4 Received: from localhost (localhost [127.0.0.1])\r
   5         by olra.theworths.org (Postfix) with ESMTP id 3C2B1431FB6\r
   6         for <notmuch@notmuchmail.org>; Mon, 17 Jan 2011 18:52:33 -0800 (PST)\r
   7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
   8 X-Spam-Flag: NO\r
   9 X-Spam-Score: -0.7\r
  10 X-Spam-Level: \r
  11 X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5\r
  12         tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7]\r
  13         autolearn=disabled\r
  14 Received: from olra.theworths.org ([127.0.0.1])\r
  15         by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
  16         with ESMTP id j8aizCByDQV3 for <notmuch@notmuchmail.org>;\r
  17         Mon, 17 Jan 2011 18:52:29 -0800 (PST)\r
  18 X-Greylist: delayed 618 seconds by postgrey-1.32 at olra;\r
  19         Mon, 17 Jan 2011 18:52:29 PST\r
  20 Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41])\r
  21         (using TLSv1 with cipher RC4-SHA (128/128 bits))\r
  22         (No client certificate requested)\r
  23         by olra.theworths.org (Postfix) with ESMTPS id 059AD431FB5\r
  24         for <notmuch@notmuchmail.org>; Mon, 17 Jan 2011 18:52:28 -0800 (PST)\r
  25 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;\r
  26         d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz;\r
  27         q=dns/txt; s=uoa; t=1295319149; x=1326855149;\r
  28         h=from:to:subject:cc:in-reply-to:message-id:date;\r
  29         z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz>\r
  30         |To:=20ietf-openpgp@imc.org,=20jon@callas.org|Subject:=20\r
  31         Re:=20including=20the=20entire=20fingerprint=20of=20the\r
  32         =20issuer=20in=20an=20OpenPGP=20certification|Cc:=20notmu\r
  33         ch@notmuchmail.org|In-Reply-To:=20<AFC1EADB-7F7E-4090-A85\r
  34         8-8C0012C9ED94@callas.org>|Message-Id:=20<E1Pf1WI-0007aL-\r
  35         EN@login01.fos.auckland.ac.nz>|Date:=20Tue,=2018=20Jan=20\r
  36         2011=2015:42:06=20+1300;\r
  37         bh=3DMPLArlr7HcMTiIHRGvceJOoZFivevah/uYaAEDYOA=;\r
  38         b=JLJ8X08SlgjUQgs9PA+j2j0ZgnKGuMOc5LVQe5pYacDWQq+nQjNNfTLG\r
  39         T96j2dS0wLJVvXYLuvneD0De1jBWXQdIR0wIOgIBUmx6MsUWxeH1qmN4F\r
  40         g/on2Zq/BWJhBzV/7n8jgEc4MuDOWO49FAKBOOMunq4ETc8RydkLlk48A k=;\r
  41 X-IronPort-AV: E=Sophos;i="4.60,336,1291546800"; d="scan'208";a="42689730"\r
  42 X-Ironport-HAT: APP-SERVERS - $RELAYED\r
  43 X-Ironport-Source: 130.216.33.150 - Outgoing - Outgoing\r
  44 Received: from mf1.fos.auckland.ac.nz ([130.216.33.150])\r
  45         by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA;\r
  46         18 Jan 2011 15:42:06 +1300\r
  47 Received: from login01.fos.auckland.ac.nz ([130.216.34.40])\r
  48         by mf1.fos.auckland.ac.nz with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)\r
  49         (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>)\r
  50         id 1Pf1WI-000611-Hh; Tue, 18 Jan 2011 15:42:06 +1300\r
  51 Received: from pgut001 by login01.fos.auckland.ac.nz with local (Exim 4.69)\r
  52         (envelope-from <pgut001@login01.cs.auckland.ac.nz>)\r
  53         id 1Pf1WI-0007aL-EN; Tue, 18 Jan 2011 15:42:06 +1300\r
  54 From: Peter Gutmann <pgut001@cs.auckland.ac.nz>\r
  55 To: ietf-openpgp@imc.org, jon@callas.org\r
  56 Subject: Re: including the entire fingerprint of the issuer in an OpenPGP\r
  57         certification\r
  58 In-Reply-To: <AFC1EADB-7F7E-4090-A858-8C0012C9ED94@callas.org>\r
  59 Message-Id: <E1Pf1WI-0007aL-EN@login01.fos.auckland.ac.nz>\r
  60 Date: Tue, 18 Jan 2011 15:42:06 +1300\r
  61 X-Mailman-Approved-At: Tue, 18 Jan 2011 12:27:11 -0800\r
  62 Cc: notmuch@notmuchmail.org\r
  63 X-BeenThere: notmuch@notmuchmail.org\r
  64 X-Mailman-Version: 2.1.13\r
  65 Precedence: list\r
  66 List-Id: "Use and development of the notmuch mail system."\r
  67         <notmuch.notmuchmail.org>\r
  68 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
  69         <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
  70 List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
  71 List-Post: <mailto:notmuch@notmuchmail.org>\r
  72 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
  73 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
  74         <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
  75 X-List-Received-Date: Tue, 18 Jan 2011 02:52:33 -0000\r
  76 \r
  77 Jon Callas <jon@callas.org> writes:\r
  78 \r
  79 >On the other hand, this has never been a problem. It's harder than you think, \r
  80 >because you have to generate a new key each time, which takes a while on RSA.\r
  81 \r
  82 Only if you want a secure key. For SSH fuzzy fingerprinting the limiting \r
  83 factor is the hashing, not the rate at which you can crank out keys, as long \r
  84 as you don't mind that the keys aren't very secure. OK, they're not secure at \r
  85 all, but that doesn't matter since you're going for spoofing, not a secure \r
  86 signature forgery.\r
  87 \r
  88 Peter.\r