From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id IA07M5c1LGM2OAAAbAwnHQ (envelope-from ) for ; Thu, 22 Sep 2022 12:14:47 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id IINRM5c1LGPodwEA9RJhRA (envelope-from ) for ; Thu, 22 Sep 2022 12:14:47 +0200 Received: from mail.notmuchmail.org (yantan.tethera.net [IPv6:2a01:4f9:c011:7a79::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 91590238E9 for ; Thu, 22 Sep 2022 12:14:47 +0200 (CEST) Received: from yantan.tethera.net (localhost [127.0.0.1]) by mail.notmuchmail.org (Postfix) with ESMTP id 51D215F3E2; Thu, 22 Sep 2022 10:14:45 +0000 (UTC) Received: from harrington.uberspace.de (harrington.uberspace.de [185.26.156.85]) by mail.notmuchmail.org (Postfix) with ESMTPS id 3EDA25F35B for ; Thu, 22 Sep 2022 10:14:42 +0000 (UTC) Received: (qmail 16020 invoked by uid 500); 22 Sep 2022 10:14:41 -0000 From: Justus Winter To: Michael J Gruber Subject: Re: [PATCH] test: replace aging OpenPGP key used in the test suite In-Reply-To: References: <87r1067s2q.fsf@tethera.net> <20220922084606.2724143-1-justus@sequoia-pgp.org> Date: Thu, 22 Sep 2022 12:14:25 +0200 Message-ID: <87mtar3eda.fsf@europ.lan> MIME-Version: 1.0 X-Rspamd-Bar: ---- X-Rspamd-Report: MIME_GOOD(-0.2) SIGNED_PGP(-2) BAYES_HAM(-2.234461) X-Rspamd-Score: -4.434461 Received: from unknown (HELO unkown) (::1) by harrington.uberspace.de (Haraka/2.8.28) with ESMTPSA; Thu, 22 Sep 2022 12:14:41 +0200 Message-ID-Hash: VROTMXZT44GBPMOHJ4J2NZLEAAS6XFWY X-Message-ID-Hash: VROTMXZT44GBPMOHJ4J2NZLEAAS6XFWY X-MailFrom: justus@sequoia-pgp.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-notmuch.notmuchmail.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: notmuch@notmuchmail.org X-Mailman-Version: 3.3.3 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: multipart/mixed; boundary="===============8457990553624011848==" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: DE ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1663841687; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:list-id:list-help: list-owner:list-unsubscribe:list-subscribe:list-post; bh=VOCWJb2trX7mLf9XK6PkmAyHuIkqDEbcks/9FPheqOw=; b=E1W3ExswpWOJv5pV2NMHdUWtF9FMDpnnrY923bWe+ZpgHHkpmLX4mNUw/nGICo3jjJFyH/ shSBdTspBEjv3qBEgz07kBNAEhZ8plzg6C3+GrycA7NeQ5pUcypwsobB9Keqzn0gpKQW6D HDkqfMOb0zTN5y8N2fAKT/PkkWL8mPem5+BGfTKrVTS0mDxlN3dYuxdZydoYHy/qa0X23/ vAzfazFiJlTS1QSmIbAwF7VA8RWXzcLOgwR9zoPtmWPPh7+M++CRu4HzLO4QkAN9kr9BTA Sqfd3IW2NZpmFSes7TG7Kb/HC3PCCzKeL8U5M6uFjQL3YaFn+MJSPS+yaSPtcA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1663841687; a=rsa-sha256; cv=none; b=K18F5ON3rKGGnEF6D1hN+vJl1tdNoDoS+K3rm3RZCuqZvQUSJxBR5KocrP8Vh5td0H1W/B caExuIcB8xxPL1y6LETl8/Dsndgdtl3zPvxanNwmxjhapoTGkRvdZn22VzkIrNd5eMQWr3 4FKOz/jREd0g15z/YbLGLmaGlm+hM4/vVgE70ysEoO/VwSeIPRGSZm4r5vk1qtpXAK6MJO MaoQR237XpI98wYURYvXz68ZCTaRlrTql4YIKfLEp4ARrWXx9rryelwyx/m0uNq0YkI/Rv UQkpWt8XmZdCF02VnQiFeDa2uM/FprY89RtJCZlWmdLfeDkZSc1exBc3jx6hfg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of notmuch-bounces@notmuchmail.org designates 2a01:4f9:c011:7a79::1 as permitted sender) smtp.mailfrom=notmuch-bounces@notmuchmail.org X-Migadu-Spam-Score: -4.11 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of notmuch-bounces@notmuchmail.org designates 2a01:4f9:c011:7a79::1 as permitted sender) smtp.mailfrom=notmuch-bounces@notmuchmail.org X-Migadu-Queue-Id: 91590238E9 X-Spam-Score: -4.11 X-Migadu-Scanner: scn1.migadu.com X-TUID: z1QkY4q6nMxp --===============8457990553624011848== Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" --=-=-= Content-Type: text/plain Michael J Gruber writes: > Am Do., 22. Sept. 2022 um 10:47 Uhr schrieb Justus Winter > : >> >> This replaces the old OpenPGPv4 key that is used in the test suite >> with a more modern OpenPGPv4 key. All cryptographic artifacts in the > > Both v4? Only one key file is named v4. Yes, the old key was also a v4 key. In this context, OpenPGP v4 was standardized in 1998. So when the old key was created, v4 was and has been for a long time *the* version of OpenPGP. It didn't seem to make sense to specify the version. Now, v5 is around the corner, so it makes sense to make the version explicit. That'll help when we introduce v5 artifacts. >> @@ -6,7 +6,7 @@ Message-ID: >> MIME-Version: 1.0 >> Content-Type: multipart/signed; boundary="=-=-="; >> protocol="application/pgp-signature"; >> - micalg=pgp-sha512 >> + micalg=pgp-sha256 > > You are downgrading the hash algo here and in the other regenerated > signatures. This is not wrong per-se, I'm just wondering whether it is > intentional (or forced by the standard) when the aim of this series is > future-proofing. sha256 is the current "replacement" for sha1, which > means it's the one which will be replaced next ;) Yes I am. It happened when I re-created the signature. Recreating the artifacts was somewhat tedious (I'm working on tooling for that, but the changes to notmuch I created by hand), so I opted for the easiest fix. WRT future proofing: SHA256 is the only mandatory to implement hash algorithm in v5 OpenPGP. Therefore, when SHA256 falls, we will hopefully have specified v6 OpenPGP which moved to a new MTI hash algorithm. So, for a v4 OpenPGP artifact, SHA256 is and will forever be more than appropriate. Best, Justus --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQFLBAEBCgA1FiEEJWpOVeSnLZetJGjniNx+MzhfeR0FAmMsNYEXHGp1c3R1c0Bz ZXF1b2lhLXBncC5vcmcACgkQiNx+MzhfeR120wf+NyZyze5UnXwBCRGj4atgA4ck v4Tt75MHa9K4r84DCiogbDequAxu88PBKiM9KwMKPqGi9DbpmcCpG1KF7PYMb37s XYXcOI9FzTbcb99IVtuT5MzB6u7rMTcvRV28niJAsmahKLSSrMJPialcdHjWM6xu IITO96SYfw7IqSTpPmzuBlvGn7PWglHfax0B1yVrSLEJHxWXbZcFqPMh4weExmAS 5BokmWX/We4zONoTGAx4ROFf11+Cidf16EypNZupiyxlvCXWVNtESUc0gBA1Rvtg 7EgLYkAsfXVtP2CL4Wd5MrA8eP1I7ZpUnBUh+4dZlLbQfnW7LRJdKXH7hS8GRQ== =+lqy -----END PGP SIGNATURE----- --=-=-=-- --===============8457990553624011848== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline --===============8457990553624011848==--