Re: [PATCH] test: replace aging OpenPGP key used in the test suite

unofficial mirror of notmuch@notmuchmail.org
 help / color / mirror / code / Atom feed

From: Michael J Gruber <michaeljgruber+grubix+git@gmail.com>
To: Justus Winter <justus@sequoia-pgp.org>
Cc: notmuch@notmuchmail.org
Subject: Re: [PATCH] test: replace aging OpenPGP key used in the test suite
Date: Thu, 22 Sep 2022 12:21:46 +0200	[thread overview]
Message-ID: <CAA19uiSWmwGoxGCiFMOWRg_RUKAQ5PkJamDmV4zJ4WX_fQ9iCA@mail.gmail.com> (raw)
In-Reply-To: <87mtar3eda.fsf@europ.lan>

Am Do., 22. Sept. 2022 um 12:14 Uhr schrieb Justus Winter
<justus@sequoia-pgp.org>:
>
> Michael J Gruber <michaeljgruber+grubix+git@gmail.com> writes:
>
> > Am Do., 22. Sept. 2022 um 10:47 Uhr schrieb Justus Winter
> > <justus@sequoia-pgp.org>:
> >>
> >> This replaces the old OpenPGPv4 key that is used in the test suite
> >> with a more modern OpenPGPv4 key.  All cryptographic artifacts in the
> >
> > Both v4? Only one key file is named v4.
>
> Yes, the old key was also a v4 key.  In this context, OpenPGP v4 was
> standardized in 1998.  So when the old key was created, v4 was and has
> been for a long time *the* version of OpenPGP.  It didn't seem to make
> sense to specify the version.
>
> Now, v5 is around the corner, so it makes sense to make the version
> explicit.  That'll help when we introduce v5 artifacts.
>
> >> @@ -6,7 +6,7 @@ Message-ID: <simple-signed-mail@crypto.notmuchmail.org>
> >>  MIME-Version: 1.0
> >>  Content-Type: multipart/signed; boundary="=-=-=";
> >>   protocol="application/pgp-signature";
> >> - micalg=pgp-sha512
> >> + micalg=pgp-sha256
> >
> > You are downgrading the hash algo here and in the other regenerated
> > signatures. This is not wrong per-se, I'm just wondering whether it is
> > intentional (or forced by the standard) when the aim of this series is
> > future-proofing. sha256 is the current "replacement" for sha1, which
> > means it's the one which will be replaced next ;)
>
> Yes I am.  It happened when I re-created the signature.  Recreating the
> artifacts was somewhat tedious (I'm working on tooling for that, but the
> changes to notmuch I created by hand), so I opted for the easiest fix.
>
> WRT future proofing: SHA256 is the only mandatory to implement hash
> algorithm in v5 OpenPGP.  Therefore, when SHA256 falls, we will
> hopefully have specified v6 OpenPGP which moved to a new MTI hash
> algorithm.  So, for a v4 OpenPGP artifact, SHA256 is and will forever be
> more than appropriate.
>
> Best,
> Justus

Thanks for clarifying, sounds good to me!

Michael

next prev parent reply	other threads:[~2022-09-22 10:30 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-09 16:12 [PATCH 1/2] test: compute expected keyid from fingerprint Justus Winter
2022-09-09 16:13 ` [PATCH 2/2] test: replace aging OpenPGP key used in the test suite Justus Winter
2022-09-11 17:09   ` Daniel Kahn Gillmor
2022-09-20  1:27   ` David Bremner
2022-09-22  8:46     ` [PATCH] " Justus Winter
2022-09-22 10:01       ` Michael J Gruber
2022-09-22 10:14         ` Justus Winter
2022-09-22 10:21           ` Michael J Gruber [this message]
2022-09-23 15:49       ` Daniel Kahn Gillmor
2022-09-23 23:19       ` David Bremner
2022-09-11 17:20 ` [PATCH 1/2] test: compute expected keyid from fingerprint Tomi Ollila
2022-09-11 21:50   ` Justus Winter
2022-09-12 18:38     ` Daniel Kahn Gillmor
2022-09-16 16:42       ` Tomi Ollila

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://notmuchmail.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAA19uiSWmwGoxGCiFMOWRg_RUKAQ5PkJamDmV4zJ4WX_fQ9iCA@mail.gmail.com \
    --to=michaeljgruber+grubix+git@gmail.com \
    --cc=justus@sequoia-pgp.org \
    --cc=notmuch@notmuchmail.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://yhetil.org/notmuch.git/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).