From: Michael J Gruber
Date: Thu, 22 Sep 2022 12:21:46 +0200
Subject: Re: [PATCH] test: replace aging OpenPGP key used in the test suite
To: Justus Winter
CC: notmuch@notmuchmail.org

On Thu, 22 Sep 2022 at 12:14, Justus Winter wrote:
>
> Michael J Gruber writes:
>
> > On Thu, 22 Sep 2022 at 10:47, Justus Winter wrote:
> >>
> >> This replaces the old OpenPGPv4 key that is used in the test suite
> >> with a more modern OpenPGPv4 key. All cryptographic artifacts in the
> >
> > Both v4? Only one key file is named v4.
>
> Yes, the old key was also a v4 key. In this context, OpenPGP v4 was
> standardized in 1998. So when the old key was created, v4 was and has
> been for a long time *the* version of OpenPGP. It didn't seem to make
> sense to specify the version.
>
> Now, v5 is around the corner, so it makes sense to make the version
> explicit. That'll help when we introduce v5 artifacts.
>
> >> @@ -6,7 +6,7 @@ Message-ID:
> >> MIME-Version: 1.0
> >> Content-Type: multipart/signed; boundary="=-=-=";
> >> protocol="application/pgp-signature";
> >> - micalg=pgp-sha512
> >> + micalg=pgp-sha256
> >
> > You are downgrading the hash algo here and in the other regenerated
> > signatures. This is not wrong per-se, I'm just wondering whether it is
> > intentional (or forced by the standard) when the aim of this series is
> > future-proofing. sha256 is the current "replacement" for sha1, which
> > means it's the one which will be replaced next ;)
>
> Yes I am. It happened when I re-created the signature. Recreating the
> artifacts was somewhat tedious (I'm working on tooling for that, but the
> changes to notmuch I created by hand), so I opted for the easiest fix.
>
> WRT future proofing: SHA256 is the only mandatory to implement hash
> algorithm in v5 OpenPGP. Therefore, when SHA256 falls, we will
> hopefully have specified v6 OpenPGP which moved to a new MTI hash
> algorithm. So, for a v4 OpenPGP artifact, SHA256 is and will forever be
> more than appropriate.
>
> Best,
> Justus

Thanks for clarifying, sounds good to me!

Michael
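Review bot: the commit message should state that the regenerated signatures use SHA-256, because the `micalg=pgp-sha512` to `micalg=pgp-sha256` change in the `Content-Type` header is not covered by the quoted description ("replaces the old OpenPGPv4 key ... with a more modern OpenPGPv4 key"). One sentence saying the digest change is intentional, and why, would keep it from being read later as an accidental downgrade.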
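A consistency check for regenerated test artifacts like the one discussed in this thread, added here as an example (not code from notmuch or from either poster): it compares the `micalg` parameter of a `multipart/signed` message with the hash algorithm ID in the detached signature's packet header. The sample message and its header-only signature packet are constructed, and the function names are illustrative.

```python
import base64
import email

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) mapped to micalg values.
MICALG = {1: "pgp-md5", 2: "pgp-sha1", 3: "pgp-ripemd160", 8: "pgp-sha256",
          9: "pgp-sha384", 10: "pgp-sha512", 11: "pgp-sha224"}

def dearmor(text):
    """Decode the base64 body of an ASCII-armored OpenPGP block."""
    lines = text.strip().splitlines()
    body = lines[lines.index("") + 1:]   # armor headers end at the blank line
    # Skip the "=XXXX" CRC line and the "-----END ...-----" line.
    return base64.b64decode("".join(l for l in body if l[:1] not in "=-"))

def signature_hash_id(pkt):
    """Return the hash algorithm ID of a leading v4 signature packet."""
    tag = pkt[0]
    if tag & 0x40:                       # new-format packet header
        ptype = tag & 0x3F
        off = 3 if 192 <= pkt[1] < 224 else 6 if pkt[1] == 255 else 2
    else:                                # old-format packet header
        ptype = (tag >> 2) & 0x0F
        off = 1 + (1, 2, 4, 0)[tag & 3]
    if not tag & 0x80 or ptype != 2 or pkt[off] != 4:
        raise ValueError("expected a version 4 signature packet")
    return pkt[off + 3]                  # version, sig type, pk algo, hash algo

def check_micalg(raw):
    """Return (declared, actual, match) for a multipart/signed message."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not multipart/signed")
    declared = (msg.get_param("micalg") or "").lower()
    armored = msg.get_payload()[1].get_payload()
    actual = MICALG.get(signature_hash_id(dearmor(armored)), "unknown")
    return declared, actual, declared == actual

def build_sample(micalg, hash_id):
    """Constructed input: header-only v4 signature packet, not verifiable."""
    pkt = bytes([0x88, 0x06, 0x04, 0x00, 0x01, hash_id, 0x00, 0x00])
    armor = ("-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(pkt).decode()
             + "\n-----END PGP SIGNATURE-----\n")
    return ('MIME-Version: 1.0\nContent-Type: multipart/signed; boundary="=-=-=";\n'
            '\tprotocol="application/pgp-signature";\n\tmicalg=' + micalg + '\n\n'
            '--=-=-=\nContent-Type: text/plain\n\nThis is a test signed message.\n'
            '--=-=-=\nContent-Type: application/pgp-signature\n\n'
            + armor + '--=-=-=--\n')

if __name__ == "__main__":
    print(check_micalg(build_sample("pgp-sha512", 8)))
```

A mismatch means the MIME header was not updated when the signature was regenerated, or the other way round.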