Re: [PATCH] test: replace aging OpenPGP key used in the test suite

unofficial mirror of notmuch@notmuchmail.org
 help / color / mirror / code / Atom feed

From: Justus Winter <justus@sequoia-pgp.org>
To: Michael J Gruber <michaeljgruber+grubix+git@gmail.com>
Cc: notmuch@notmuchmail.org
Subject: Re: [PATCH] test: replace aging OpenPGP key used in the test suite
Date: Thu, 22 Sep 2022 12:14:25 +0200	[thread overview]
Message-ID: <87mtar3eda.fsf@europ.lan> (raw)
In-Reply-To: <CAA19uiR83uGveQpQbsv6ZWHo2fNugA=BdktKYiDeOUtCaz0gwQ@mail.gmail.com>

[-- Attachment #1.1: Type: text/plain, Size: 1817 bytes --]

Michael J Gruber <michaeljgruber+grubix+git@gmail.com> writes:

> Am Do., 22. Sept. 2022 um 10:47 Uhr schrieb Justus Winter
> <justus@sequoia-pgp.org>:
>>
>> This replaces the old OpenPGPv4 key that is used in the test suite
>> with a more modern OpenPGPv4 key.  All cryptographic artifacts in the
>
> Both v4? Only one key file is named v4.

Yes, the old key was also a v4 key.  In this context, OpenPGP v4 was
standardized in 1998.  So when the old key was created, v4 was and has
been for a long time *the* version of OpenPGP.  It didn't seem to make
sense to specify the version.

Now, v5 is around the corner, so it makes sense to make the version
explicit.  That'll help when we introduce v5 artifacts.

>> @@ -6,7 +6,7 @@ Message-ID: <simple-signed-mail@crypto.notmuchmail.org>
>>  MIME-Version: 1.0
>>  Content-Type: multipart/signed; boundary="=-=-=";
>>   protocol="application/pgp-signature";
>> - micalg=pgp-sha512
>> + micalg=pgp-sha256
>
> You are downgrading the hash algo here and in the other regenerated
> signatures. This is not wrong per-se, I'm just wondering whether it is
> intentional (or forced by the standard) when the aim of this series is
> future-proofing. sha256 is the current "replacement" for sha1, which
> means it's the one which will be replaced next ;)

Yes I am.  It happened when I re-created the signature.  Recreating the
artifacts was somewhat tedious (I'm working on tooling for that, but the
changes to notmuch I created by hand), so I opted for the easiest fix.

WRT future proofing: SHA256 is the only mandatory to implement hash
algorithm in v5 OpenPGP.  Therefore, when SHA256 falls, we will
hopefully have specified v6 OpenPGP which moved to a new MTI hash
algorithm.  So, for a v4 OpenPGP artifact, SHA256 is and will forever be
more than appropriate.

Best,
Justus

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 519 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

next prev parent reply	other threads:[~2022-09-22 10:14 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-09 16:12 [PATCH 1/2] test: compute expected keyid from fingerprint Justus Winter
2022-09-09 16:13 ` [PATCH 2/2] test: replace aging OpenPGP key used in the test suite Justus Winter
2022-09-11 17:09   ` Daniel Kahn Gillmor
2022-09-20  1:27   ` David Bremner
2022-09-22  8:46     ` [PATCH] " Justus Winter
2022-09-22 10:01       ` Michael J Gruber
2022-09-22 10:14         ` Justus Winter [this message]
2022-09-22 10:21           ` Michael J Gruber
2022-09-23 15:49       ` Daniel Kahn Gillmor
2022-09-23 23:19       ` David Bremner
2022-09-11 17:20 ` [PATCH 1/2] test: compute expected keyid from fingerprint Tomi Ollila
2022-09-11 21:50   ` Justus Winter
2022-09-12 18:38     ` Daniel Kahn Gillmor
2022-09-16 16:42       ` Tomi Ollila

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://notmuchmail.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87mtar3eda.fsf@europ.lan \
    --to=justus@sequoia-pgp.org \
    --cc=michaeljgruber+grubix+git@gmail.com \
    --cc=notmuch@notmuchmail.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://yhetil.org/notmuch.git/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).