Re: OpenBSD signify and "fingerprint"

[Ted Unangst <tedu () tedunangst com>]

On Mon, Dec 29, 2014 at 14:09, Florian Weimer wrote:
> This is just a warning that what OpenBSD's signify tool calls a
> “fingerprint” is very different from the concept of a fingerprint in
> OpenPGP.  It is just a random 64-bit blob with no relationship to the
> raw public key used for signing.  Conceptually, it is similar to the
> OpenPGP key ID (it is used as a quick check that public key and
> signature match), except that it is even more trivial to forge.
>
> Fortunately, typical usage patterns of the signify tool do not expose
> the fingerprint to the user, so there is no immediate temptation to
> use it for validating a key (which is the primary use case for
> fingerprints in OpenPGP).  It is also short (64 bits) and thus not
> very secure to the initiated, no matter how it is computed, but I'm
> not fully convinced that this is a sufficient deterrent.

Yes. The user isn't supposed to believe anything a key says about its
own identity. I tried to make it hard for the user to do that.

I was about to reply that signify doesn't even print the fingerprint,
but unfortunately I see the option to do that is still there. That was
actually supposed to be used for debugging only. That at least is
easily removed.

> Maybe a different term instead of “fingerprint” could be used to
> reduce the potential for confusion.  Something like “key number” or
> “key slot” might be appropriate (because these terms do not confer any
> identifying property).

Thanks. I'll think about it for a bit.