sks-devel

Re: [Sks-devel] about ECC and collisions


From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] about ECC and collisions
Date: Mon, 04 Apr 2011 13:20:01 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.15) Gecko/20110402 Icedove/3.1.9

On 04/04/2011 06:40 AM, Jean-Jacques Brucker wrote:
> 1- As ECC crypto is soon available in gnupg, I am asking if sks key servers 
> won't have problems managing them.
> 
> (That is a great feature I am waiting for to use gpg with signing chains)
> 
> But the ECC curves are smaller than RSA or DSA keys, full collisions have 
> more chances* to occur (especially for NIST P-256).
> (*note: maybe more than asteroid-human collisions :-) ). 

i'm pretty confused by this claim.  a collision in the fingerprint space
would be pretty devastating to all OpenPGP implementations i know of,
and the fingerprint space (160 bits) is significantly smaller than
P-256.  I don't think an ECC key collision is worth worrying about.

> 2- I'd like to know how sks key servers manage 2 identical keys inside 
> different certificates.
> Is a warning sent to the owners of the same key ?

No SKS keyservers that i know of send any notifications to any
keyholders.  If you want to be alerted about a change in your key, or
the presence of other keys, you'll need to do regular queries yourself.

I also don't know of any way that you can (via HKP) query an SKS
keyserver for specific matches of key material.  You can query by user
ID and by key fingerprint, but the key fingerprint is computed over a
digest of a timestamp + the key material.  so it's possible to have two
identical keys with different fingerprints.  this makes querying for
specific keys difficult (though i'd be happy to learn that there was a
way to do it).

> 3- When key ID collision occurs how to differentiate them with gnupg ? Is 
> there a way to get only one of them from key servers (eg. for key ID 
> A56E15A3, sorry if it's maybe not the place to ask that question).

The gnupg-specific part of this question is probably best asked on the
gnupg-users list.  More generally, you might be interested in the
discussion started recently by David Shaw on the IETF's OpenPGP WG
mailing list:

 http://www.imc.org/ietf-openpgp/mail-archive/msg10684.html

the short version is: GnuPG's current implementation (as of 1.4.11 and
2.0.17) does not deal well with duplicate key IDs. :(

hth,

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature
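
The point in the message above that a fingerprint covers a timestamp plus the key material, as an added example (not part of the original message, and not SKS or GnuPG code): it builds version 4 RSA public-key packet bodies as laid out in RFC 4880 and shows that identical key material with different creation times gets different fingerprints and key IDs. The moduli and timestamps are constructed, and `material_digest` and `shared_material` are hypothetical helper names for a local check that ignores the timestamp.

```python
import hashlib
import struct
from collections import defaultdict

def mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-octet bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_body(created: int, n: int, e: int) -> bytes:
    """V4 public-key packet body: version, creation time, algorithm 1 (RSA), MPIs."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-octet body length, body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def key_id(fingerprint: str) -> str:
    """Long key ID: low-order 64 bits of the fingerprint."""
    return fingerprint[-16:]

def material_digest(body: bytes) -> str:
    """Hypothetical helper: hash algorithm octet + MPIs, skipping version and timestamp."""
    return hashlib.sha256(body[5:]).hexdigest()

def shared_material(bodies):
    """Hypothetical helper: fingerprints grouped wherever key material repeats."""
    groups = defaultdict(list)
    for body in bodies:
        groups[material_digest(body)].append(v4_fingerprint(body))
    return [fps for fps in groups.values() if len(fps) > 1]

# Constructed 2048-bit integers standing in for RSA moduli (not real keys).
N1 = int.from_bytes(hashlib.sha256(b"constructed modulus 1").digest() * 8, "big") | (1 << 2047) | 1
N2 = int.from_bytes(hashlib.sha256(b"constructed modulus 2").digest() * 8, "big") | (1 << 2047) | 1

# Same key material, two constructed creation times, plus one unrelated key.
BODY_A = v4_rsa_body(1301900000, N1, 65537)
BODY_B = v4_rsa_body(1301900001, N1, 65537)
BODY_C = v4_rsa_body(1301900000, N2, 65537)

if __name__ == "__main__":
    for name, body in (("A", BODY_A), ("B", BODY_B), ("C", BODY_C)):
        fp = v4_fingerprint(body)
        print(name, fp, key_id(fp), material_digest(body)[:16])
    print("shared key material:", shared_material([BODY_A, BODY_B, BODY_C]))
```

Run over the public-key packets of certificates you have already fetched, the same grouping flags reused key material that a fingerprint lookup alone would not reveal.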

