From: Michael J Gruber <michaeljgruber+grubix+git@gmail.com>
To: Justus Winter <justus@sequoia-pgp.org>
Cc: notmuch@notmuchmail.org
Subject: Re: [PATCH] test: replace aging OpenPGP key used in the test suite
Date: Thu, 22 Sep 2022 12:21:46 +0200 [thread overview]
Message-ID: <CAA19uiSWmwGoxGCiFMOWRg_RUKAQ5PkJamDmV4zJ4WX_fQ9iCA@mail.gmail.com> (raw)
In-Reply-To: <87mtar3eda.fsf@europ.lan>
Am Do., 22. Sept. 2022 um 12:14 Uhr schrieb Justus Winter
<justus@sequoia-pgp.org>:
>
> Michael J Gruber <michaeljgruber+grubix+git@gmail.com> writes:
>
> > Am Do., 22. Sept. 2022 um 10:47 Uhr schrieb Justus Winter
> > <justus@sequoia-pgp.org>:
> >>
> >> This replaces the old OpenPGPv4 key that is used in the test suite
> >> with a more modern OpenPGPv4 key. All cryptographic artifacts in the
> >
> > Both v4? Only one key file is named v4.
>
> Yes, the old key was also a v4 key. In this context, OpenPGP v4 was
> standardized in 1998. So when the old key was created, v4 was and has
> been for a long time *the* version of OpenPGP. It didn't seem to make
> sense to specify the version.
>
> Now, v5 is around the corner, so it makes sense to make the version
> explicit. That'll help when we introduce v5 artifacts.
>
> >> @@ -6,7 +6,7 @@ Message-ID: <simple-signed-mail@crypto.notmuchmail.org>
> >> MIME-Version: 1.0
> >> Content-Type: multipart/signed; boundary="=-=-=";
> >> protocol="application/pgp-signature";
> >> - micalg=pgp-sha512
> >> + micalg=pgp-sha256
> >
> > You are downgrading the hash algo here and in the other regenerated
> > signatures. This is not wrong per-se, I'm just wondering whether it is
> > intentional (or forced by the standard) when the aim of this series is
> > future-proofing. sha256 is the current "replacement" for sha1, which
> > means it's the one which will be replaced next ;)
>
> Yes I am. It happened when I re-created the signature. Recreating the
> artifacts was somewhat tedious (I'm working on tooling for that, but the
> changes to notmuch I created by hand), so I opted for the easiest fix.
>
> WRT future proofing: SHA256 is the only mandatory to implement hash
> algorithm in v5 OpenPGP. Therefore, when SHA256 falls, we will
> hopefully have specified v6 OpenPGP which moved to a new MTI hash
> algorithm. So, for a v4 OpenPGP artifact, SHA256 is and will forever be
> more than appropriate.
>
> Best,
> Justus
Thanks for clarifying, sounds good to me!
Michael
next prev parent reply other threads:[~2022-09-22 10:30 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-09 16:12 [PATCH 1/2] test: compute expected keyid from fingerprint Justus Winter
2022-09-09 16:13 ` [PATCH 2/2] test: replace aging OpenPGP key used in the test suite Justus Winter
2022-09-11 17:09 ` Daniel Kahn Gillmor
2022-09-20 1:27 ` David Bremner
2022-09-22 8:46 ` [PATCH] " Justus Winter
2022-09-22 10:01 ` Michael J Gruber
2022-09-22 10:14 ` Justus Winter
2022-09-22 10:21 ` Michael J Gruber [this message]
2022-09-23 15:49 ` Daniel Kahn Gillmor
2022-09-23 23:19 ` David Bremner
2022-09-11 17:20 ` [PATCH 1/2] test: compute expected keyid from fingerprint Tomi Ollila
2022-09-11 21:50 ` Justus Winter
2022-09-12 18:38 ` Daniel Kahn Gillmor
2022-09-16 16:42 ` Tomi Ollila
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAA19uiSWmwGoxGCiFMOWRg_RUKAQ5PkJamDmV4zJ4WX_fQ9iCA@mail.gmail.com \
--to=michaeljgruber+grubix+git@gmail.com \
--cc=justus@sequoia-pgp.org \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).