From: Peter Gutmann
To: ietf-openpgp@imc.org, jon@callas.org
Cc: notmuch@notmuchmail.org
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
Date: Tue, 18 Jan 2011 15:42:06 +1300
List-Id: "Use and development of the notmuch mail system."

Jon Callas writes:

>On the other hand, this has never been a problem. It's harder than you think,
>because you have to generate a new key each time, which takes a while on RSA.

Only if you want a secure key. For SSH fuzzy fingerprinting the limiting
factor is the hashing, not the rate at which you can crank out keys, as long
as you don't mind that the keys aren't very secure. OK, they're not secure at
all, but that doesn't matter since you're going for spoofing, not a secure
signature forgery.

Peter.
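
A defender-side check for the spoofing scenario discussed above, as an added example that is not part of the original message: compare the whole fingerprint, and treat a mismatch that still agrees at the ends as a lookalike worth alerting on rather than an ordinary key change. The function names, the `eyeball` threshold and the sample fingerprints are assumptions constructed for illustration.

```python
import hmac

# Constructed sample fingerprints (legacy colon-separated hex form).
PINNED = "d6:b7:df:31:aa:55:d2:56:9b:32:71:61:24:08:44:87"
LOOKALIKE = "d6:b7:8f:a6:fa:21:0c:0d:7d:0a:fb:9c:30:90:44:87"
UNRELATED = "3c:91:0e:47:b2:6f:a8:15:e4:7d:c0:59:12:fb:86:2a"


def _hex(fp: str) -> str:
    """Normalise 'aa:bb:..' or 'AABB ..' to lowercase hex digits."""
    h = fp.replace(":", "").replace(" ", "").lower()
    if not h or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("not a hex fingerprint")
    return h


def _common_prefix(a: str, b: str) -> int:
    """Number of leading characters on which a and b agree."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def check_fingerprint(pinned: str, presented: str, eyeball: int = 4) -> str:
    """Return 'match', 'lookalike' or 'mismatch'.

    eyeball is an assumed number of hex digits a person glances at
    on either end of a fingerprint; tune it to your own policy.
    """
    p, q = _hex(pinned), _hex(presented)
    # Only agreement on every digit counts as a match.
    if len(p) == len(q) and hmac.compare_digest(p, q):
        return "match"
    head = _common_prefix(p, q)
    tail = _common_prefix(p[::-1], q[::-1])
    same = sum(x == y for x, y in zip(p, q))
    # An unrelated fingerprint agrees on about 1 hex digit in 16 and
    # rarely on a run of `eyeball` digits at an end, so either signal
    # on a non-matching key suggests deliberate imitation.
    if head >= eyeball or tail >= eyeball or same * 2 >= len(p):
        return "lookalike"
    return "mismatch"
```

A "lookalike" result is the case to escalate: the key is not the pinned one, yet it would pass a glance at the first and last digits.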