GNU bug report logs - #57576
Missing support for NIPT-P384 gpg algorithm in Guix channel authentication.

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Reported by: Zhu Zihao <all_but_last@HIDDEN>; dated Sun, 4 Sep 2022 12:15:02 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 57576 <at> debbugs.gnu.org:


Received: (at 57576) by debbugs.gnu.org; 7 Sep 2022 12:51:35 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 07 08:51:35 2022
Received: from localhost ([127.0.0.1]:53927 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oVuWl-0002eP-HF
	for submit <at> debbugs.gnu.org; Wed, 07 Sep 2022 08:51:35 -0400
Received: from eggs.gnu.org ([209.51.188.92]:53400)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>)
 id 1oVuWk-0002eA-GN; Wed, 07 Sep 2022 08:51:34 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:54310)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1oVuWe-0007kg-F6; Wed, 07 Sep 2022 08:51:28 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=jTcG5OrLi3uuo6aMRrRSmeGvvdON/wwQzNujj73VViU=; b=mFDBNhJmGQ/AwBqHiv5Z
 /eYw8K+/bWoCzr092QVZQPWmHaJASvrg9O23LZfyFCVecVEYAVmzjnfEXVBUzqf0GjO5zXCU8cVIT
 WvuHZx1/KkTIJHjC5tb9NMoAJ60VH8LkZfWhFHoF3ZHsJzSdB9/i0mgz2aMBmnIukn9wQR8dNLnlk
 z6bO843wAcbIX8K+lbxv9plNkVhddF/7Fnla8tG673EWE3qr5EOkBQh7UeiIXlTtlJUZu/vZ0eimW
 deHS/W3M0IvaEet4fiioP0rasO+dC5wBUU4acGVynRprTW7AceMjfPV6759+S6wyMqpHLd+0By8Ta
 bh/yb31+hGd0Hw==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:56722
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1oVuWd-0003Mh-OP; Wed, 07 Sep 2022 08:51:27 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Andreas Enge <andreas@HIDDEN>
Subject: Re: bug#57576: bug#57599: [PATCH] openpgp: Add support for ECDSA
 with NIST curves.
References: <87r10p3ixi.fsf@HIDDEN> <20220905160929.21742-1-ludo@HIDDEN>
 <8735d4zpcf.fsf_-_@HIDDEN>
 <4b1f50af-9694-1439-2223-e9ef5ba7ecec@HIDDEN>
 <87sfl4tgnk.fsf@HIDDEN>
 <86368af7-152b-f943-4ee6-e1471d3cb20c@HIDDEN>
 <YxiIXYVwrstSQqNL@jurong>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: Primidi 21 Fructidor an 230 de la =?utf-8?Q?R=C3=A9v?=
 =?utf-8?Q?olution=2C?= jour de
 =?utf-8?Q?l'=C3=89glantier?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Wed, 07 Sep 2022 14:51:25 +0200
In-Reply-To: <YxiIXYVwrstSQqNL@jurong> (Andreas Enge's message of "Wed, 7 Sep
 2022 14:02:37 +0200")
Message-ID: <87bkrrs5yq.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 57576
Cc: 57599 <at> debbugs.gnu.org, Maxime Devos <maximedevos@HIDDEN>,
 Zhu Zihao <all_but_last@HIDDEN>, 57576 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

Thanks a lot for the explanations, Andreas!

As you write, the decision will be =E2=80=9Cpolitical=E2=80=9D as there=E2=
=80=99s no scientific
evidence to guide us.

I=E2=80=99d like to see what other free software OpenPGP implementors decid=
ed
(primarily Sequoia; GnuPG/Libgcrypt implement them).

Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#57576; Package guix. Full text available.

Message received at 57576 <at> debbugs.gnu.org:


Received: (at 57576) by debbugs.gnu.org; 7 Sep 2022 12:02:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 07 08:02:48 2022
Received: from localhost ([127.0.0.1]:53731 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oVtlY-0001I4-2H
	for submit <at> debbugs.gnu.org; Wed, 07 Sep 2022 08:02:48 -0400
Received: from hera.aquilenet.fr ([185.233.100.1]:60714)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <andreas@HIDDEN>)
 id 1oVtlV-0001Ho-W7; Wed, 07 Sep 2022 08:02:46 -0400
Received: from localhost (localhost [127.0.0.1])
 by hera.aquilenet.fr (Postfix) with ESMTP id 272501A11;
 Wed,  7 Sep 2022 14:02:40 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
 by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id vcl_HYrs2wpP; Wed,  7 Sep 2022 14:02:39 +0200 (CEST)
Received: from jurong (unknown [IPv6:2001:861:c4:f2f0:1ce9:67cd:7487:edd5])
 by hera.aquilenet.fr (Postfix) with ESMTPSA id 285F9DF3;
 Wed,  7 Sep 2022 14:02:39 +0200 (CEST)
Date: Wed, 7 Sep 2022 14:02:37 +0200
From: Andreas Enge <andreas@HIDDEN>
To: Maxime Devos <maximedevos@HIDDEN>
Subject: Re: bug#57576: bug#57599: [PATCH] openpgp: Add support for ECDSA
 with NIST curves.
Message-ID: <YxiIXYVwrstSQqNL@jurong>
References: <87r10p3ixi.fsf@HIDDEN> <20220905160929.21742-1-ludo@HIDDEN>
 <8735d4zpcf.fsf_-_@HIDDEN>
 <4b1f50af-9694-1439-2223-e9ef5ba7ecec@HIDDEN>
 <87sfl4tgnk.fsf@HIDDEN>
 <86368af7-152b-f943-4ee6-e1471d3cb20c@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <86368af7-152b-f943-4ee6-e1471d3cb20c@HIDDEN>
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 57576
Cc: 57576 <at> debbugs.gnu.org, Ludovic =?iso-8859-15?Q?Court=E8s?= <ludo@HIDDEN>,
 57599 <at> debbugs.gnu.org, Zhu Zihao <all_but_last@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Am Wed, Sep 07, 2022 at 01:13:25PM +0200 schrieb Maxime Devos:
> Also, we _do_ have concrete evidence that the curves are flawed -- the website
> on the link mentions many issues in the process

The website (you mean the blog by D. Bernstein?) also mentions the use of
a hash function to arrive at the parameters. Maybe I overlooked something,
but I did not find other mentions of the curves (but I did not read the
page from A to Z).

> past that the NSA is in the habit of subverting communications.

But this is not concrete evidence that these curves are flawed.
As far as is publicly known, there are a few weak (and sparse) classes
of insecure elliptic curves, and the NIST curves do not belong to them.

So the only way these curves could be flawed is that there is an unknown
class of insecure curves, where the insecurity is known by the NSA.
Then if this class is sufficiently dense, one could start with a random
seed, hash the seed, and repeat until one obtains a weak instance;
see this link by a well-known cryptologist
   https://miracl.com/blog/backdoors-in-nist-elliptic-curves/
and the link given there (to another post by Bernstein).

This is possible, but speculation instead of evidence.

Newer constructions are better, but not perfect; optimally one would want
a process of "generation of public random numbers" as described here:
   https://eprint.iacr.org/2015/366

> Channels are for sharing things between multiple people. The keys are for
> authenticating channels. As multiple people are involved for a channel, this
> seems be be a non-personal decision by definition.

I said "political", which fits well the setting of multiple people involved.
And I meant this in opposition to "scientific", given the lack of evidence
against the NIST curves.

Andreas





Information forwarded to bug-guix@HIDDEN:
bug#57576; Package guix. Full text available.

Message received at 57576 <at> debbugs.gnu.org:


Received: (at 57576) by debbugs.gnu.org; 7 Sep 2022 11:13:33 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 07 07:13:33 2022
Received: from localhost ([127.0.0.1]:53684 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oVszt-0006MD-0o
	for submit <at> debbugs.gnu.org; Wed, 07 Sep 2022 07:13:33 -0400
Received: from xavier.telenet-ops.be ([195.130.132.52]:42226)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1oVszq-0006Lz-CN
 for 57576 <at> debbugs.gnu.org; Wed, 07 Sep 2022 07:13:31 -0400
Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]
 ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16])
 by xavier.telenet-ops.be with bizsmtp
 id GzDS2800120ykKC01zDSZM; Wed, 07 Sep 2022 13:13:27 +0200
Message-ID: <86368af7-152b-f943-4ee6-e1471d3cb20c@HIDDEN>
Date: Wed, 7 Sep 2022 13:13:25 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.12.0
Content-Language: en-US
To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= <ludo@HIDDEN>
References: <87r10p3ixi.fsf@HIDDEN> <20220905160929.21742-1-ludo@HIDDEN>
 <8735d4zpcf.fsf_-_@HIDDEN> <4b1f50af-9694-1439-2223-e9ef5ba7ecec@HIDDEN>
 <87sfl4tgnk.fsf@HIDDEN>
From: Maxime Devos <maximedevos@HIDDEN>
Subject: Re: bug#57576: bug#57599: [PATCH] openpgp: Add support for ECDSA with
 NIST curves.
In-Reply-To: <87sfl4tgnk.fsf@HIDDEN>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------vxO2IOjRaMvGCrzwO0kqEgv7"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1662549207; bh=Wa7i7fBraxuc3QcIo7arPe6tkLRd8hbxJtbBcApRfSU=;
 h=Date:To:Cc:References:From:Subject:In-Reply-To;
 b=SV/xqw+pDNpFUFydU56U9tYBPbod+EqQrVy52YbrGIS+5Ug/YMqsc+kuf1cBLV9Ny
 05AyU12kEMGdnCbNNb58KoehPm8xl9ITb6ueLwX1tcQ02vJLApOtu3WiFf2PO6vRCT
 ZxFOcn5M92yBme2Gh9heHVlAfBVCGk5HsUGKu7d0USDZePZhqwBW7YFZ5HG2WHxMku
 Ue2EqoCpvWAdKYtFRZ5QtfpeqH5UYDS/BVCjalMQAalgH9qfsqIQgxLf2C730hbJRH
 wZAVgGQAl8iIiAcGxQ7HA0kV3pICS/EyMS1Tb5GyVERp1+9GLn/cgOaQnDEJaKJgMJ
 1kc7ao029RRKA==
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 57576
Cc: 57576 <at> debbugs.gnu.org, 57599 <at> debbugs.gnu.org,
 Zhu Zihao <all_but_last@HIDDEN>, Andreas Enge <andreas.enge@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------vxO2IOjRaMvGCrzwO0kqEgv7
Content-Type: multipart/mixed; boundary="------------cFDrxenYhXsh0LHA4GXSeMAr";
 protected-headers="v1"
From: Maxime Devos <maximedevos@HIDDEN>
To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= <ludo@HIDDEN>
Cc: 57599 <at> debbugs.gnu.org, 57576 <at> debbugs.gnu.org,
 Zhu Zihao <all_but_last@HIDDEN>, Andreas Enge <andreas.enge@HIDDEN>
Message-ID: <86368af7-152b-f943-4ee6-e1471d3cb20c@HIDDEN>
Subject: Re: bug#57576: bug#57599: [PATCH] openpgp: Add support for ECDSA with
 NIST curves.
References: <87r10p3ixi.fsf@HIDDEN> <20220905160929.21742-1-ludo@HIDDEN>
 <8735d4zpcf.fsf_-_@HIDDEN> <4b1f50af-9694-1439-2223-e9ef5ba7ecec@HIDDEN>
 <87sfl4tgnk.fsf@HIDDEN>
In-Reply-To: <87sfl4tgnk.fsf@HIDDEN>

--------------cFDrxenYhXsh0LHA4GXSeMAr
Content-Type: multipart/mixed; boundary="------------jjuonHBb79lnUhTXlLB4ePyw"

--------------jjuonHBb79lnUhTXlLB4ePyw
Content-Type: multipart/alternative;
 boundary="------------kOafE7zO0Z0RGT7i08RXYr0L"

--------------kOafE7zO0Z0RGT7i08RXYr0L
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

DQpPbiAwNi0wOS0yMDIyIDIyOjAyLCBMdWRvdmljIENvdXJ0w6hzIHdyb3RlOg0KPj4gSW4g
Y2FzZSBvZiB0aG9zZSBjdXJ2ZXMsIEknbSBub3QgYXdhcmUgb2YgYW55ICdjcnl0b3BncmFw
aGljIHByb29mJw0KPj4gKCopIHRoYXQgdGhlIGN1cnZlcyBhcmUgdnVsbmVyYWJsZSAodW5s
aWtlIGZvciBTSEEtMSksIGJ1dCBhcyBub3RlZCBpbg0KPj4gwrkgYW5kIGVsc2V3aGVyZSwg
dGhlcmUgYXJlIG90aGVyIGtpbmRzIG9mIGV2aWRlbmNlIHRoYXQgc29tZXRoaW5nIGlzDQo+
PiB3cm9uZy4NCj4gSXTigJlzIGRpZmZlcmVudCBmcm9tIFNIQS0xIHRob3VnaDogRUNEU0Eg
aXMgbm90IGtub3duIHRvIGJlIHZ1bG5lcmFibGUsDQo+IGFuZCBBSVVJIHdlIGNhbuKAmXQg
dGVsbCB0aGF0IHRoZXJl4oCZcyBhIHBvc3NpYmlsaXR5IE5JU1QvTlNBIGhhcyBhDQo+IGJh
Y2tkb29yIGFzIGlzIHRoZSBjYXNlIGZvciBEdWFsRUMuICBIb3dldmVyLCB0aGUgd2hvbGUg
TklTVCBkZXNpZ24NCj4gcHJvY2VzcyBpcyB0YWludGVkLiAgU28gbXkgdW5kZXJzdGFuZGlu
ZyBpcyB0aGF0IGl04oCZcyByZWFsbHkgYSBncmF5DQo+IGFyZWEuDQoNCkluIGNyeXB0b2dy
YXBoeSAoYW5kIHNlY3VyaXR5KSwgYmVpbmcgYSBncmV5IGFyZWEgYW5kIG5vdCBrbm93biB0
byBiZSANCnZ1bG5lcmFibGUgaXMgbm90IHN1ZmZpY2llbnQgLS0gcmF0aGVyLCB0aGVyZSBo
YXMgdG8gYmUgYSByZWFzb24gZm9yIA0KY29uZmlkZW5jZSB0aGF0IHRoYXQgdGhlIGNyeXB0
byBpcyBhY3R1YWxseSBnb29kIGFuZCBub3QtdnVsbmVyYWJsZSBmb3IgDQphIGRlY2VudCBh
bW91bnQgb2YgdGltZS4NCg0KT3IsIGluIG90aGVyIHdvcmRzLCBpbiBjcnlwdG9ncmFwaHkg
YW5kIHNlY3VyaXR5IHRoZXJlIGlzIG5vIGFzc3VtcHRpb24gDQpvZiBpbm5vY2VuY2UgLS0g
cmF0aGVyLCBpdCBzdGFydHMgd2l0aCB0aGUgYXNzdW1wdGlvbiB0aGF0IGFueW9uZSBtaWdo
dCANCmJlIGFuIGF0dGFja2VyIGFuZCB3aG9ldmVyIHByb3Bvc2VzIGEgY3J5cHRvIHRoaW5n
IGhhcyB0byBjb252aW5jZSANCm90aGVycyB0aGF0IHRoZWlyIGNyeXB0byBpcyBzZWN1cmUs
IGFuZCBhIGNvbW11bmljYXRpb24gcGFydHkgaGFzIHRvIA0KcHJvb2YgdG8gdGhlIG90aGVy
IHBhcnR5IHRoYXQgdGhleSBhcmVuJ3QgYW4gaW1wb3N0ZXIgKHB1YmxpYyBrZXkgDQpzaWdu
aW5nLCB3aXRoIGFuIHByZXZpb3VzbHkgYWdyZWVkIG9uIGtleSBhbmQgYWxnb3JpdGhtKS4N
Cg0KQW5kcmVhcyB3cm90ZToNCg0KPiB3ZWxsLCBJIGFncmVlIHdpdGggeW91ciBhbmFseXNp
cy4gVGhlcmUgaXMgbm8gY29uY3JldGUgZXZpZGVuY2UgdGhhdCB0aGUNCj4gTklTVCBjdXJ2
ZXMgbWF5IGJlIGZsYXdlZCwgYW5kIGEgZ2VuZXJhbCBiZWxpZWYgdGhhdCBub3QgYWxsIGNy
eXB0bw0KPiBzdGFuZGFyZHMgb2YgTklTVCBhcmUgZmxhd2VkIG9yIGJhY2tkb29yZWQuLi4g
U28gaXQgbWFrZXMgc2Vuc2UgdG8gYWNjZXB0DQo+IHRoZSBjdXJ2ZXMsIChhbmQgYSBwZXJz
b25hbCBkZWNpc2lvbiBhYm91dCB3aGljaCB0eXBlIG9mIGtleSBhIHVzZXIgY3JlYXRlcyku
DQpJIGZvbGxvd2VkIHlvdSByaWdodCB1bnRpbCB0aGUgY29uY2x1c2lvbiwgaXQgYXBwZWFy
cyB0aGF0IHlvdSBhcmUgDQpzdGFydGluZyBmcm9tIGFuIGFzc3VtcHRpb24gb2YgaW5ub2Nl
bmNlLCB3aGljaCBtaWdodCBleHBsYWluIG91ciANCmRpZmZlcmVudCBjb25jbHVzaW9ucz8N
Cg0KQWxzbywgd2UgX2RvXyBoYXZlIGNvbmNyZXRlIGV2aWRlbmNlIHRoYXQgdGhlIGN1cnZl
cyBhcmUgZmxhd2VkIC0tIHRoZSANCndlYnNpdGUgb24gdGhlIGxpbmsgbWVudGlvbnMgbWFu
eSBpc3N1ZXMgaW4gdGhlIHByb2Nlc3MgYW5kIGl0IGhhcyBiZWVuIA0Kc2hvd24gaW4gdGhl
IHBhc3QgdGhhdCB0aGUgTlNBIGlzIGluIHRoZSBoYWJpdCBvZiBzdWJ2ZXJ0aW5nIA0KY29t
bXVuaWNhdGlvbnMgKCopLg0KDQooKikgSSBjYW4gZ2l2ZSBzb21lIHNvdXJjZXMgaWYgeW91
IGRvbid0IGtub3cgb2YgdGhlbSBhbHJlYWR5Lg0KDQpDaGFubmVscyBhcmUgZm9yIHNoYXJp
bmcgdGhpbmdzIGJldHdlZW4gbXVsdGlwbGUgcGVvcGxlLsKgIFRoZSBrZXlzIGFyZSANCmZv
ciBhdXRoZW50aWNhdGluZyBjaGFubmVscy7CoCBBcyBtdWx0aXBsZSBwZW9wbGUgYXJlIGlu
dm9sdmVkIGZvciBhIA0KY2hhbm5lbCwgdGhpcyBzZWVtcyBiZSBiZSBhIG5vbi1wZXJzb25h
bCBkZWNpc2lvbiBieSBkZWZpbml0aW9uLg0KDQpHcmVldGluZ3MsDQpNYXhpbWUuDQoNCg==

--------------kOafE7zO0Z0RGT7i08RXYr0L
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF=
-8">
  </head>
  <body>
    <p><br>
    </p>
    <div class=3D"moz-cite-prefix">On 06-09-2022 22:02, Ludovic Court=C3=A8=
s
      wrote:<br>
    </div>
    <blockquote type=3D"cite" cite=3D"mid:87sfl4tgnk.fsf@HIDDEN">
      <blockquote type=3D"cite" style=3D"color: #007cff;">
        <pre class=3D"moz-quote-pre" wrap=3D"">In case of those curves, I=
'm not aware of any 'crytopgraphic proof'
(*) that the curves are vulnerable (unlike for SHA-1), but as noted in
=C2=B9 and elsewhere, there are other kinds of evidence that something is=

wrong.
</pre>
      </blockquote>
      <pre class=3D"moz-quote-pre" wrap=3D"">It=E2=80=99s different from =
SHA-1 though: ECDSA is not known to be vulnerable,
and AIUI we can=E2=80=99t tell that there=E2=80=99s a possibility NIST/NS=
A has a
backdoor as is the case for DualEC.  However, the whole NIST design
process is tainted.  So my understanding is that it=E2=80=99s really a gr=
ay
area.
</pre>
    </blockquote>
    <p>In cryptography (and security), being a grey area and not known
      to be vulnerable is not sufficient -- rather, there has to be a
      reason for confidence that that the crypto is actually good and
      not-vulnerable for a decent amount of time.</p>
    <p>Or, in other words, in cryptography and security there is no
      assumption of innocence -- rather, it starts with the assumption
      that anyone might be an attacker and whoever proposes a crypto
      thing has to convince others that their crypto is secure, and a
      communication party has to proof to the other party that they
      aren't an imposter (public key signing, with an previously agreed
      on key and algorithm).</p>
    <p>Andreas wrote:<br>
    </p>
    <p>
      <blockquote type=3D"cite">
        <pre class=3D"moz-quote-pre" wrap=3D"">well, I agree with your an=
alysis. There is no concrete evidence that the
NIST curves may be flawed, and a general belief that not all crypto
standards of NIST are flawed or backdoored... So it makes sense to accept=

the curves, (and a personal decision about which type of key a user creat=
es).
</pre>
      </blockquote>
      I followed you right until the conclusion, it appears that you are
      starting from an assumption of innocence, which might explain our
      different conclusions?<br>
    </p>
    <p>Also, we _do_ have concrete evidence that the curves are flawed
      -- the website on the link mentions many issues in the process and
      it has been shown in the past that the NSA is in the habit of
      subverting communications (*).</p>
    <p>(*) I can give some sources if you don't know of them already.<br>=

    </p>
    <p>Channels are for sharing things between multiple people.=C2=A0 The=

      keys are for authenticating channels.=C2=A0 As multiple people are
      involved for a channel, this seems be be a non-personal decision
      by definition.</p>
    <p>Greetings,<br>
      Maxime.<br>
    </p>
  </body>
</html>

--------------kOafE7zO0Z0RGT7i08RXYr0L--

--------------jjuonHBb79lnUhTXlLB4ePyw
Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc"
Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m
xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2
ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL
CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc
/gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4
LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C
kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK
CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W
ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ
Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0
k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo
AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE
fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D
=3DOVqp
-----END PGP PUBLIC KEY BLOCK-----

--------------jjuonHBb79lnUhTXlLB4ePyw--

--------------cFDrxenYhXsh0LHA4GXSeMAr--

--------------vxO2IOjRaMvGCrzwO0kqEgv7
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYxh81QUDAAAAAAAKCRBJ4+4iGRcl7rPJ
AP4xzgDD8QvWOgZucitONFTIc4HhSSLUsGTO4SmCDA5FIQD5AZ8BntUA5ld7RXYYYmdzySD2KI2N
aRBspP2wxwUcHgU=
=sbuj
-----END PGP SIGNATURE-----

--------------vxO2IOjRaMvGCrzwO0kqEgv7--




Information forwarded to bug-guix@HIDDEN:
bug#57576; Package guix. Full text available.

Message received at 57576 <at> debbugs.gnu.org:


Received: (at 57576) by debbugs.gnu.org; 7 Sep 2022 10:34:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 07 06:34:11 2022
Received: from localhost ([127.0.0.1]:53553 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oVsNn-0005I4-Dx
	for submit <at> debbugs.gnu.org; Wed, 07 Sep 2022 06:34:11 -0400
Received: from hera.aquilenet.fr ([185.233.100.1]:35202)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <andreas@HIDDEN>)
 id 1oVsNl-0005Ho-La; Wed, 07 Sep 2022 06:34:10 -0400
Received: from localhost (localhost [127.0.0.1])
 by hera.aquilenet.fr (Postfix) with ESMTP id 50AEB1861;
 Wed,  7 Sep 2022 12:34:03 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
 by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id UCs7ftoRkTry; Wed,  7 Sep 2022 12:34:02 +0200 (CEST)
Received: from jurong (unknown [IPv6:2001:861:c4:f2f0:5c3:4f65:ddfe:6444])
 by hera.aquilenet.fr (Postfix) with ESMTPSA id 9E0C7639;
 Wed,  7 Sep 2022 12:34:02 +0200 (CEST)
Date: Wed, 7 Sep 2022 12:34:01 +0200
From: Andreas Enge <andreas@HIDDEN>
To: Ludovic =?iso-8859-15?Q?Court=E8s?= <ludo@HIDDEN>
Subject: Re: bug#57576: bug#57599: [PATCH] openpgp: Add support for ECDSA
 with NIST curves.
Message-ID: <YxhzmWPH8qxdqiFY@jurong>
References: <87r10p3ixi.fsf@HIDDEN> <20220905160929.21742-1-ludo@HIDDEN>
 <8735d4zpcf.fsf_-_@HIDDEN>
 <4b1f50af-9694-1439-2223-e9ef5ba7ecec@HIDDEN>
 <87sfl4tgnk.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87sfl4tgnk.fsf@HIDDEN>
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 57576
Cc: 57599 <at> debbugs.gnu.org, Maxime Devos <maximedevos@HIDDEN>,
 Zhu Zihao <all_but_last@HIDDEN>, 57576 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello,

Am Tue, Sep 06, 2022 at 10:02:55PM +0200 schrieb Ludovic Courtès:
> (Cc’ing Andreas for extra advice.)

well, I agree with your analysis. There is no concrete evidence that the
NIST curves may be flawed, and a general belief that not all crypto
standards of NIST are flawed or backdoored... So it makes sense to accept
the curves, but ultimately this is a political decision (and a personal
decision about which type of key a user creates).

Andreas





Information forwarded to bug-guix@HIDDEN:
bug#57576; Package guix. Full text available.

Message received at 57576 <at> debbugs.gnu.org:


Received: (at 57576) by debbugs.gnu.org; 6 Sep 2022 20:03:16 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 06 16:03:16 2022
Received: from localhost ([127.0.0.1]:52773 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oVemx-0008Qq-JF
	for submit <at> debbugs.gnu.org; Tue, 06 Sep 2022 16:03:15 -0400
Received: from eggs.gnu.org ([209.51.188.92]:37460)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>)
 id 1oVemt-0008QV-BE; Tue, 06 Sep 2022 16:03:14 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:34830)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1oVemi-000255-S8; Tue, 06 Sep 2022 16:03:01 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=FI/Hw+31raAZJzl9Vtvb4jXJ/pU4+vp6FW1MIMkBhDA=; b=ZW6WF9JNLx0S5sI/srNt
 UFSRb+n/ay+g1kAHRzUXsSOOaNpFZMdzdGVRCZ/2lS+NnQv3XWomC8e5+ko0SXVQVrhbNVHeZZQMk
 GBHNIIO2rmmYb8XFXPDX5Kpv4AYCXwsi+NyixRvMA4tpZdiCZYX5XSLbNfTPZD1k5+2+bFKu1x2Ih
 piJHZ63yfSxHrUNHuahfN5UJW1q1vdMv+5oV+UV03YZOVX2h+564zDd8apl8WxA45DCDKysgUZ8oT
 wU1hw9YMZlkjJ1D9VzYKcmbKymTBz4/8CYc1nEZKJUgAHYT9wYuAErJlUP7NteIUWq+grECZaaZFl
 rAUdqwmz6FMbsQ==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:59166
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1oVemg-00077x-Cv; Tue, 06 Sep 2022 16:03:00 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Maxime Devos <maximedevos@HIDDEN>
Subject: Re: bug#57576: bug#57599: [PATCH] openpgp: Add support for ECDSA
 with NIST curves.
References: <87r10p3ixi.fsf@HIDDEN> <20220905160929.21742-1-ludo@HIDDEN>
 <8735d4zpcf.fsf_-_@HIDDEN>
 <4b1f50af-9694-1439-2223-e9ef5ba7ecec@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: =?utf-8?Q?D=C3=A9cadi?= 20 Fructidor an 230 de la
 =?utf-8?Q?R=C3=A9volution=2C?= jour de la Hotte
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Tue, 06 Sep 2022 22:02:55 +0200
In-Reply-To: <4b1f50af-9694-1439-2223-e9ef5ba7ecec@HIDDEN> (Maxime Devos's
 message of "Tue, 6 Sep 2022 18:10:15 +0200")
Message-ID: <87sfl4tgnk.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 57576
Cc: 57576 <at> debbugs.gnu.org, 57599 <at> debbugs.gnu.org,
 Zhu Zihao <all_but_last@HIDDEN>, Andreas Enge <andreas.enge@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

(Cc=E2=80=99ing Andreas for extra advice.)

Maxime Devos <maximedevos@HIDDEN> skribis:

> We disallow signing with SHA-1, because it is known to be vulnerable
> and as there are alternatives that are considered good, even if this
> limits what users can do with their OpenPGP keys.

Right, we know it=E2=80=99s affordable to break SHA-1 these days.

> In case of those curves, I'm not aware of any 'crytopgraphic proof'
> (*) that the curves are vulnerable (unlike for SHA-1), but as noted in
> =C2=B9 and elsewhere, there are other kinds of evidence that something is
> wrong.

It=E2=80=99s different from SHA-1 though: ECDSA is not known to be vulnerab=
le,
and AIUI we can=E2=80=99t tell that there=E2=80=99s a possibility NIST/NSA =
has a
backdoor as is the case for DualEC.  However, the whole NIST design
process is tainted.  So my understanding is that it=E2=80=99s really a gray
area.

> Except for the different nature of the evidence of vulnerability, it
> seems about the same situation to me. As such, I don't think we should
> support them (some nice error messages like 'This algorithm [...] is
> not supported yet=E2=80=99 or =E2=80=98This algorithm [...] is (likely/kn=
own to be)
> vulnerable=E2=80=99 would be good though!).

Yes, that we can improve.  :-)

> An alternative option would be to allow the channel
> .guix-authorization (of the previous commits, not the commit that is
> about to be verified!) to decide what's considered a 'good algorithm'
> (with some defaults) (with a field). Maybe we'll have to deprecate,
> say, RSA or SHA-3 eventually, it would be nice to have a migration
> method in place as early as possible, to minimise the risk of some
> people doing a "guix pull" from a Guix that does not support that
> field to a Guix or other channel that _does_ use that field.

It=E2=80=99s tempting, but I=E2=80=99d rather avoid introducing such mechan=
isms to keep
things as simple as possible.

Thanks,
Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#57576; Package guix. Full text available.

Message received at 57576 <at> debbugs.gnu.org:


Received: (at 57576) by debbugs.gnu.org; 6 Sep 2022 16:10:22 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 06 12:10:22 2022
Received: from localhost ([127.0.0.1]:52443 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oVb9Z-00083a-Uo
	for submit <at> debbugs.gnu.org; Tue, 06 Sep 2022 12:10:22 -0400
Received: from albert.telenet-ops.be ([195.130.137.90]:54056)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1oVb9V-00082z-5q
 for 57576 <at> debbugs.gnu.org; Tue, 06 Sep 2022 12:10:20 -0400
Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]
 ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16])
 by albert.telenet-ops.be with bizsmtp
 id GgAF2800520ykKC06gAFQB; Tue, 06 Sep 2022 18:10:15 +0200
Message-ID: <4b1f50af-9694-1439-2223-e9ef5ba7ecec@HIDDEN>
Date: Tue, 6 Sep 2022 18:10:15 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.12.0
Content-Language: en-US
To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= <ludo@HIDDEN>, 57599 <at> debbugs.gnu.org
References: <87r10p3ixi.fsf@HIDDEN> <20220905160929.21742-1-ludo@HIDDEN>
 <8735d4zpcf.fsf_-_@HIDDEN>
From: Maxime Devos <maximedevos@HIDDEN>
Subject: Re: bug#57576: bug#57599: [PATCH] openpgp: Add support for ECDSA with
 NIST curves.
In-Reply-To: <8735d4zpcf.fsf_-_@HIDDEN>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------m7iknZCG0iEaOGTxErBcZ11u"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1662480615; bh=CaZWk/HYRi1BwYI5GjANeDmUXPVQK9CFMDH2jWdEV5U=;
 h=Date:To:Cc:References:From:Subject:In-Reply-To;
 b=NtB/OWXc2U2EtuyLhUKdobA9fe/q7pPIhzIW6h7uNQj7CzFo7xZ5iKEXgepQJqbMG
 es0vwXlsWsfEeUbN1wDrVt0ai5g+HZZZcxpOKCtjS1H+2wh74CNnbj9jgtujjT5FQl
 pMaPM/VWedMtS75E8Kh54uR0I3m7jKskDxsH57BOpRrRpPqOJBNrxMzM63eKO0UbSf
 JVa61qJFKOHezODeNkitwvuAdw+HDcAMimsePPAMYQW7DzwoAgyPs78RDJaJ2EZ9F0
 9XvQv9IJnvV/xspSVnJ6nBYv4yR+ANsYQYovyfemtDReKg6do4nkNre42FPXsiqw6B
 GPN4mvIVNFCJQ==
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 57576
Cc: 57576 <at> debbugs.gnu.org, Zhu Zihao <all_but_last@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------m7iknZCG0iEaOGTxErBcZ11u
Content-Type: multipart/mixed; boundary="------------NEfq3g0Bo00qhIowsFRlWi8e";
 protected-headers="v1"
From: Maxime Devos <maximedevos@HIDDEN>
To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= <ludo@HIDDEN>, 57599 <at> debbugs.gnu.org
Cc: 57576 <at> debbugs.gnu.org, Zhu Zihao <all_but_last@HIDDEN>
Message-ID: <4b1f50af-9694-1439-2223-e9ef5ba7ecec@HIDDEN>
Subject: Re: bug#57576: bug#57599: [PATCH] openpgp: Add support for ECDSA with
 NIST curves.
References: <87r10p3ixi.fsf@HIDDEN> <20220905160929.21742-1-ludo@HIDDEN>
 <8735d4zpcf.fsf_-_@HIDDEN>
In-Reply-To: <8735d4zpcf.fsf_-_@HIDDEN>

--------------NEfq3g0Bo00qhIowsFRlWi8e
Content-Type: multipart/mixed; boundary="------------JKmmq2Pb50Rib7bxkzOiEn0W"

--------------JKmmq2Pb50Rib7bxkzOiEn0W
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

DQpPbiAwNi0wOS0yMDIyIDEzOjU4LCBMdWRvdmljIENvdXJ0w6hzIHdyb3RlOg0KPiBIaSwN
Cj4NCj4gRUNEU0EgYW5kIHRoZSBOSVNUIGN1cnZlcyAoYW5kIGluIGZhY3QgYSBsYXJnZSBw
YXJ0IG9mIE5JU1TigJlzIGNyeXB0bw0KPiBzdGFuZGFyZGl6YXRpb24gd29ya8K5KSBhcmUg
YWN0dWFsbHkgY29uc2lkZXJlZCB3aXRoIHNrZXB0aWNpc20gYnkgc29tZToNCj4NCj4gICAg
aHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvRWxsaXB0aWNfQ3VydmVfRGlnaXRhbF9T
aWduYXR1cmVfQWxnb3JpdGhtI0NvbmNlcm5zDQo+DQo+IFRoYXQgbWFrZXMgbWUgd29uZGVy
IHdoZXRoZXIgc3VwcG9ydGluZyB0aGVtIGlzIGEgZ29vZCBpZGVhLCBhZnRlciBhbGwuDQo+
IEV2aWRlbnRseSB0aGV54oCZcmUgbm90IHdpZGVseSB1c2VkIGluIE9wZW5QR1AgYW5kIG5v
dCBzdXBwb3J0aW5nIHRoZW0NCj4gaGFzbuKAmXQgYmVlbiBtdWNoIG9mIGEgcHJvYmxlbSwg
aXQgc2VlbXMuICBPbiBvbmUgaGFuZCwgd2UgZG9u4oCZdCB3YW50DQo+IEd1aXjigJlzIE9w
ZW5QR1AgaW1wbGVtZW50YXRpb24gdG8gbGltaXQgd2hhdCB1c2VycyBkbyB3aXRoIHRoZWly
IE9wZW5QR1ANCj4ga2V5czsgb24gdGhlIG90aGVyIGhhbmQsIHdlIGRvbuKAmXQgd2FudCB0
byBlbmNvdXJhZ2UgYWxnb3JpdGhtcyB0aGF0DQo+IGJyaW5nIGxpdHRsZSB0byB0aGUgdGFi
bGUgYXQgYmVzdCBhbmQgYXJlIHN1c3BpY2lvdXMgYXQgd29yc3QuDQo+DQo+IFdoYXQgZG8g
cGVvcGxlIHRoaW5rPw0KDQpXZSBkaXNhbGxvdyBzaWduaW5nIHdpdGggU0hBLTEsIGJlY2F1
c2UgaXQgaXMga25vd24gdG8gYmUgdnVsbmVyYWJsZSBhbmQgDQphcyB0aGVyZSBhcmUgYWx0
ZXJuYXRpdmVzIHRoYXQgYXJlIGNvbnNpZGVyZWQgZ29vZCwgZXZlbiBpZiB0aGlzIGxpbWl0
cyANCndoYXQgdXNlcnMgY2FuIGRvIHdpdGggdGhlaXIgT3BlblBHUCBrZXlzLg0KDQpJbiBj
YXNlIG9mIHRob3NlIGN1cnZlcywgSSdtIG5vdCBhd2FyZSBvZiBhbnkgJ2NyeXRvcGdyYXBo
aWMgcHJvb2YnICgqKSANCnRoYXQgdGhlIGN1cnZlcyBhcmUgdnVsbmVyYWJsZSAodW5saWtl
IGZvciBTSEEtMSksIGJ1dCBhcyBub3RlZCBpbiDCuSBhbmQgDQplbHNld2hlcmUsIHRoZXJl
IGFyZSBvdGhlciBraW5kcyBvZiBldmlkZW5jZSB0aGF0IHNvbWV0aGluZyBpcyB3cm9uZy4N
Cg0KRXhjZXB0IGZvciB0aGUgZGlmZmVyZW50IG5hdHVyZSBvZiB0aGUgZXZpZGVuY2Ugb2Yg
dnVsbmVyYWJpbGl0eSwgaXQgDQpzZWVtcyBhYm91dCB0aGUgc2FtZSBzaXR1YXRpb24gdG8g
bWUuIEFzIHN1Y2gsIEkgZG9uJ3QgdGhpbmsgd2Ugc2hvdWxkIA0Kc3VwcG9ydCB0aGVtIChz
b21lIG5pY2UgZXJyb3IgbWVzc2FnZXMgbGlrZSAnVGhpcyBhbGdvcml0aG0gWy4uLl0gaXMg
bm90IA0Kc3VwcG9ydGVkIHlldOKAmSBvciDigJhUaGlzIGFsZ29yaXRobSBbLi4uXSBpcyAo
bGlrZWx5L2tub3duIHRvIGJlKSANCnZ1bG5lcmFibGXigJkgd291bGQgYmUgZ29vZCB0aG91
Z2ghKS4NCg0KKCopIEkgbWVhbiBwcm9vZiwgbGlrZSBpbiBtYXRoZW1hdGljYWwgcHJvb2Zz
LCBub3QgbWVyZWx5IGV2aWRlbmNlLg0KDQpBbiBhbHRlcm5hdGl2ZSBvcHRpb24gd291bGQg
YmUgdG8gYWxsb3cgdGhlIGNoYW5uZWwgLmd1aXgtYXV0aG9yaXphdGlvbiANCihvZiB0aGUg
cHJldmlvdXMgY29tbWl0cywgbm90IHRoZSBjb21taXQgdGhhdCBpcyBhYm91dCB0byBiZSB2
ZXJpZmllZCEpIA0KdG8gZGVjaWRlIHdoYXQncyBjb25zaWRlcmVkIGEgJ2dvb2QgYWxnb3Jp
dGhtJyAod2l0aCBzb21lIGRlZmF1bHRzKSANCih3aXRoIGEgZmllbGQpLiBNYXliZSB3ZSds
bCBoYXZlIHRvIGRlcHJlY2F0ZSwgc2F5LCBSU0Egb3IgU0hBLTMgDQpldmVudHVhbGx5LCBp
dCB3b3VsZCBiZSBuaWNlIHRvIGhhdmUgYSBtaWdyYXRpb24gbWV0aG9kIGluIHBsYWNlIGFz
IA0KZWFybHkgYXMgcG9zc2libGUsIHRvIG1pbmltaXNlIHRoZSByaXNrIG9mIHNvbWUgcGVv
cGxlIGRvaW5nIGEgImd1aXggDQpwdWxsIiBmcm9tIGEgR3VpeCB0aGF0IGRvZXMgbm90IHN1
cHBvcnQgdGhhdCBmaWVsZCB0byBhIEd1aXggb3Igb3RoZXIgDQpjaGFubmVsIHRoYXQgX2Rv
ZXNfIHVzZSB0aGF0IGZpZWxkLg0KDQpaaHUgWmloYW8gd3JvdGU6DQoNCj4gTXkgb3Bpbmlv
bjogTWF5YmUgTlNBIHJlY29tbWVuZCBOSVNUIGZhbWlseSBiZWNhdXNlIHRoZXkga25vdyBo
b3cgdG8gZ2V0DQo+IGFyb3VuZCBpdC4NCklmIHNvLCBJIGJlbGlldmUgdGhpcyBpcyBhbiBh
cmd1bWVudCBhZ2FpbnN0IGFsbG93aW5nIHRoZXNlIGN1cnZlcywgdG8gDQphdm9pZCBhIG1l
dGhvZCBOU0EgY291bGQgdXNlIGZvciBhdHRhY2tzLg0KPiBCdXQgdGhleSBhbHNvIGhhdmUg
dG8gYmVsaWV2ZSBmb3JlaWduIGdvdmVybm1lbnQgY2FuJ3QgYnJlYWsNCj4gaXQgZWFzaWx5
Lg0KRm9yIHBlb3BsZSBvdXRzaWRlIHRoZSBVUywgdGhlIFVTIChvZiB3aGljaCB0aGUgTlNB
IGlzIGFuIGFnZW5jeSkgX2lzXyBhIA0KZm9yZWlnbiBnb3Zlcm5tZW50LiBBcyBHdWl4IGlz
IG5vdCBhbiBVUy1zcGVjaWZpYyBwcm9qZWN0LCBJIGRvIG5vdCANCnRoaW5rIHRoaXMgaXMg
YW4gYXJndW1lbnQgZm9yIGFsbG93aW5nIHRoZSBjdXJ2ZXMuDQoNCkdyZWV0aW5ncywNCk1h
eGltZS4NCj4gTHVkb+KAmS4NCj4NCj4gwrkgaHR0cHM6Ly9ibG9nLmNyLnlwLnRvLzIwMjIw
ODA1LW5zYS5odG1sDQo+DQo+DQo=
--------------JKmmq2Pb50Rib7bxkzOiEn0W
Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc"
Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m
xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2
ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL
CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc
/gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4
LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C
kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK
CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W
ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ
Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0
k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo
AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE
fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D
=3DOVqp
-----END PGP PUBLIC KEY BLOCK-----

--------------JKmmq2Pb50Rib7bxkzOiEn0W--

--------------NEfq3g0Bo00qhIowsFRlWi8e--

--------------m7iknZCG0iEaOGTxErBcZ11u
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYxdw5wUDAAAAAAAKCRBJ4+4iGRcl7quU
AQDjT/hlPANBwisnsDrSyWWIlc7j8BlKsqEmrLZrBvNZ0AEAlEP04v72+RVoFpSiVX3tFFs+AtXO
T+O1kFl1bl8SQQ4=
=dLJH
-----END PGP SIGNATURE-----

--------------m7iknZCG0iEaOGTxErBcZ11u--




Information forwarded to bug-guix@HIDDEN:
bug#57576; Package guix. Full text available.

Message received at 57576 <at> debbugs.gnu.org:


Received: (at 57576) by debbugs.gnu.org; 6 Sep 2022 15:29:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 06 11:29:13 2022
Received: from localhost ([127.0.0.1]:52345 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oVaVl-0006aa-KC
	for submit <at> debbugs.gnu.org; Tue, 06 Sep 2022 11:29:13 -0400
Received: from mail-m974.mail.163.com ([123.126.97.4]:1252)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <all_but_last@HIDDEN>)
 id 1oVaVg-0006Zv-No; Tue, 06 Sep 2022 11:29:12 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
 s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=Fyn3r
 DIjzP/OhzS8WpK4DqZ1UCdxft0XFgdRex8ac8s=; b=imHX3Nw45df3schALVJqi
 86b31I6LT8LcpcVFhV+KjfWZyK45gRqaKnCJewX9MghjwWM9NcXaUaJY813hXKXM
 Ob++ZQ73+zO+cgNHQ/X2ctWakx4P4tic8MMAkxpnIcvDFvoONOEu5rccBEqoXdPW
 cC1rd4bxqisq/Bp16WcvIU=
Received: from asus-laptop (unknown [27.46.84.97])
 by smtp4 (Coremail) with SMTP id HNxpCgBnDOw4ZxdjHzAhaw--.3788S2;
 Tue, 06 Sep 2022 23:28:57 +0800 (CST)
References: <87r10p3ixi.fsf@HIDDEN> <20220905160929.21742-1-ludo@HIDDEN>
 <8735d4zpcf.fsf_-_@HIDDEN>
User-agent: mu4e 1.8.9; emacs 29.0.50
From: Zhu Zihao <all_but_last@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Subject: Re: bug#57599: [PATCH] openpgp: Add support for ECDSA with NIST
 curves.
Date: Tue, 06 Sep 2022 23:26:19 +0800
In-reply-to: <8735d4zpcf.fsf_-_@HIDDEN>
Message-ID: <86sfl434lo.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-CM-TRANSID: HNxpCgBnDOw4ZxdjHzAhaw--.3788S2
X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73
 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvj4RYsjjUUUUU
X-Originating-IP: [27.46.84.97]
X-CM-SenderInfo: pdoosuxxwbztlvw6il2tof0z/xtbBoRl0r2I0UnTxRAAAsm
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 57576
Cc: 57576 <at> debbugs.gnu.org, 57599 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

My opinion: Maybe NSA recommend NIST family because they know how to get
around it. But they also have to believe foreign government can't break
it easily.

-- 
Retrieve my PGP public key:

  gpg --recv-keys 481F5EEEBA425ADC13247C76A6E672D981B8E744

Zihao





Information forwarded to bug-guix@HIDDEN:
bug#57576; Package guix. Full text available.

Message received at 57576 <at> debbugs.gnu.org:


Received: (at 57576) by debbugs.gnu.org; 6 Sep 2022 11:58:51 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 06 07:58:51 2022
Received: from localhost ([127.0.0.1]:49947 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oVXEB-0005xq-CK
	for submit <at> debbugs.gnu.org; Tue, 06 Sep 2022 07:58:51 -0400
Received: from eggs.gnu.org ([209.51.188.92]:50442)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>)
 id 1oVXEA-0005xZ-2s; Tue, 06 Sep 2022 07:58:50 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:39742)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1oVXE3-0007Dl-PV; Tue, 06 Sep 2022 07:58:44 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=xfzwpkeSOdAdAhf0VR9CTc0gCQCf2I/mpOHet9s52Ao=; b=ZZYtV9fVXo2LXYfxTY2U
 NRjMNkq8fcsR9iFHZggqD6nT321hqLGdM8qPmHYGAnKs0AK4GPmG0fVwTUDyZNl1IxZ3WObysGFgV
 ptzZONhLpah9pAJcs/qnobet/P9skt5FaqbRVJUxR+SZT0aBVL8WKKiM+Rk/dLyMY40ZesOvw9mPn
 gOGPa5+mxY3gRGI+uZ+j0K8ouZJ/a/84oNcxnvaSCEnpfLrv3ZlcN5RJcmjITuhOi7gsxhTHeCa+O
 uAUtFlPZQPm1fnfzJ4/pSPCDfddABCPSqLjIb0GbAiNRZYilVNHR9FypmfE6JLnKrc5ghP03hs46G
 4MllZ5zbTr+yXw==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:64957
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1oVXE3-0001bb-D2; Tue, 06 Sep 2022 07:58:43 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: 57599 <at> debbugs.gnu.org
Subject: Re: bug#57599: [PATCH] openpgp: Add support for ECDSA with NIST
 curves.
References: <87r10p3ixi.fsf@HIDDEN> <20220905160929.21742-1-ludo@HIDDEN>
Date: Tue, 06 Sep 2022 13:58:40 +0200
In-Reply-To: <20220905160929.21742-1-ludo@HIDDEN> ("Ludovic =?utf-8?Q?Cou?=
 =?utf-8?Q?rt=C3=A8s=22's?=
 message of "Mon, 5 Sep 2022 18:09:29 +0200")
Message-ID: <8735d4zpcf.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 57576
Cc: 57576 <at> debbugs.gnu.org, Zhu Zihao <all_but_last@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

ECDSA and the NIST curves (and in fact a large part of NIST=E2=80=99s crypto
standardization work=C2=B9) are actually considered with skepticism by some:

  https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#=
Concerns

That makes me wonder whether supporting them is a good idea, after all.
Evidently they=E2=80=99re not widely used in OpenPGP and not supporting them
hasn=E2=80=99t been much of a problem, it seems.  On one hand, we don=E2=80=
=99t want
Guix=E2=80=99s OpenPGP implementation to limit what users do with their Ope=
nPGP
keys; on the other hand, we don=E2=80=99t want to encourage algorithms that
bring little to the table at best and are suspicious at worst.

What do people think?

Ludo=E2=80=99.

=C2=B9 https://blog.cr.yp.to/20220805-nsa.html




Information forwarded to bug-guix@HIDDEN:
bug#57576; Package guix. Full text available.

Message received at 57576 <at> debbugs.gnu.org:


Received: (at 57576) by debbugs.gnu.org; 5 Sep 2022 16:06:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 05 12:06:11 2022
Received: from localhost ([127.0.0.1]:48692 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oVEbz-00034X-Ll
	for submit <at> debbugs.gnu.org; Mon, 05 Sep 2022 12:06:11 -0400
Received: from eggs.gnu.org ([209.51.188.92]:55660)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1oVEbx-00034C-Rk
 for 57576 <at> debbugs.gnu.org; Mon, 05 Sep 2022 12:06:10 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:51920)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1oVEbs-0006ed-JV; Mon, 05 Sep 2022 12:06:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=UkGtCBty6Hh8uZqpIB3zuQvjVzG1PYNpmCMesm2ZtCw=; b=Bwh0Jkyu9zdO05MtdTHs
 4S22q1IcVkf15HI3BttvdhF0/ixV10VieRENvv/QJChj+RFYVJAvuH6q5Grp8FgHX+n//MB03OyIt
 D7o7IC8b1CJfLRInUQgBJBRlWcL4wSRAIhyeEM1zbUbAwglb8HVCog+p45Ym4uhlZR9Yv3a5Ylayy
 yKlW4PTKI5QMYrRLx/Qp8Be2KyAa9om835NPXeoi4ogsen7ol8nzNsTF90T2J9wOcCD+PNifxv+8r
 Vs4wwNwv3Wz08cH0UjlXSnVm+TLLFX+JrI/BtsWhZcGMuMrFbYtHo0VQc+5zoCKGdkZ39BM2NGOOC
 VZsEv0POlLGMUw==;
Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=34280 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1oVEbr-0002on-Mx; Mon, 05 Sep 2022 12:06:04 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Zhu Zihao <all_but_last@HIDDEN>
Subject: Re: bug#57576: Missing support for NIPT-P384 gpg algorithm in Guix
 channel authentication.
References: <86v8q38i5i.fsf@HIDDEN>
Date: Mon, 05 Sep 2022 18:06:01 +0200
In-Reply-To: <86v8q38i5i.fsf@HIDDEN> (Zhu Zihao's message of "Sun, 04 Sep
 2022 19:53:28 +0800")
Message-ID: <87r10p3ixi.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 57576
Cc: 57576 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

Zhu Zihao <all_but_last@HIDDEN> skribis:

> I'm working with my private channel, And I update my gpg key using
> NIPT-P384 algorithm. But `guix time-machine` complains that:

[...]

>     226:4  6 (authenticate-commit #<git-repository 861da0> #<git-co=E2=80=
=A6> =E2=80=A6)
>    129:23  5 (commit-signing-key _ #<oid 6601a6ab9073cfe260e1563131=E2=80=
=A6> =E2=80=A6)
> In guix/openpgp.scm:
>    562:26  4 (verify-openpgp-signature _ _ _)
> In gcrypt/pk-crypto.scm:
>     250:8  3 (key-type (unsupported-algorithm 19 #vu8(5 43 129 4 =E2=80=
=A6)))
>    202:27  2 (_ (unsupported-algorithm 19 #vu8(5 43 129 4 0 34 3 =E2=80=
=A6)) 0)
> In ice-9/boot-9.scm:
>   1685:16  1 (raise-exception _ #:continuable? _)
>   1685:16  0 (raise-exception _ #:continuable? _)
>
> ice-9/boot-9.scm:1685:16: In procedure raise-exception:
> In procedure struct-vtable: Wrong type argument in position 1 (expecting =
struct): (unsupported-algorithm 19 #vu8(5 43 129 4 0 34 3 3 4 53 239 158 10=
5 250 133 46 247 192 56 245 48 43 60 70 47 46 85 221 226 213 94 248 254 218=
 85 176 252 233 119 26 85 65 191 47 159 193 86 129 155 186 183 151 233 81 1=
78 42 30 81 234 192 184 140 230 226 26 72 186 82 18 213 187 6 28 34 39 197 =
75 37 138 226 98 216 187 185 223 222 126 181 122 255 104 171 201 51 254 7 2=
35 245 151 247 168 215 165 73 181))
>
> Does Guix support NIPT-P384 key?

Nope!  (That=E2=80=99s NIST-P384.)

To add it, we need to adjust (guix openpgp) to support it (and ECDSA,
the =E2=80=9C19=E2=80=9D we see above).  I=E2=80=99ll follow up with a patc=
h.

Ludo=E2=80=99.





Information forwarded to bug-guix@HIDDEN:
bug#57576; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 4 Sep 2022 12:14:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Sep 04 08:14:56 2022
Received: from localhost ([127.0.0.1]:43647 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oUoWd-0007IO-IZ
	for submit <at> debbugs.gnu.org; Sun, 04 Sep 2022 08:14:55 -0400
Received: from lists.gnu.org ([209.51.188.17]:51122)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <all_but_last@HIDDEN>) id 1oUoWa-0007IF-10
 for submit <at> debbugs.gnu.org; Sun, 04 Sep 2022 08:14:54 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:42910)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <all_but_last@HIDDEN>)
 id 1oUoWZ-0003ti-Sc
 for bug-guix@HIDDEN; Sun, 04 Sep 2022 08:14:51 -0400
Received: from mail-m975.mail.163.com ([123.126.97.5]:5231)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <all_but_last@HIDDEN>) id 1oUoWT-0002Uy-SA
 for bug-guix@HIDDEN; Sun, 04 Sep 2022 08:14:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
 s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=73Xk4
 vPyJJxio0o4x9HrArY0X31nMfI5KVmowrdSVuQ=; b=WZTIRloHp4mQk7Oizc0Y4
 3F8ZrIhv8SRh+hj/msFCQrzqPB3H1rZEsMWAF6WoEPepz9epOkO0M6oqNT0KzPNO
 1e0exaA6arIBBibgz1bGkPGXrCrorrplNplD8smZL1QTEqmOMTx1iITz63LSS4x7
 6a9RD7RM5udIDBqjtPjs6I=
Received: from asus-laptop (unknown [27.38.249.43])
 by smtp5 (Coremail) with SMTP id HdxpCgCHFCockxRjHdPtZg--.61537S2;
 Sun, 04 Sep 2022 19:59:26 +0800 (CST)
User-agent: mu4e 1.8.9; emacs 29.0.50
From: Zhu Zihao <all_but_last@HIDDEN>
To: bug-guix <bug-guix@HIDDEN>
Subject: Missing support for NIPT-P384 gpg algorithm in Guix channel
 authentication.
Date: Sun, 04 Sep 2022 19:53:28 +0800
Message-ID: <86v8q38i5i.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha384; protocol="application/pgp-signature"
X-CM-TRANSID: HdxpCgCHFCockxRjHdPtZg--.61537S2
X-Coremail-Antispam: 1Uf129KBjvJXoWxGrWkXw47Jr18tF4rKw4xCrg_yoW5WFyfpa
 18WF1SyryUJr45J3Wjkr1qqr47tr1UGry2qr4DG348Xr98WF1kKr1aya15Jr98AF1jgryj
 yrn5JrWDWF12y3JanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x0zRZvt_UUUUU=
X-Originating-IP: [27.38.249.43]
X-CM-SenderInfo: pdoosuxxwbztlvw6il2tof0z/xtbBZh5yr1aEBqCPMwAAst
Received-SPF: pass client-ip=123.126.97.5; envelope-from=all_but_last@HIDDEN;
 helo=mail-m975.mail.163.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

I'm working with my private channel, And I update my gpg key using
NIPT-P384 algorithm. But `guix time-machine` complains that:

Updating channel 'cireguix' from Git repository at '/home/citreu/gitrepos/c=
ireguix'...
Authenticating channel 'cireguix', commits 9b37ac0 to 6601a6a (1 new commit=
s)...
[##########################################################################=
###########################################################################=
###########################################################################=
###########]Backtrace:
In guix/store.scm:
   659:37 19 (thunk)
In guix/status.scm:
    815:4 18 (call-with-status-report _ _)
In guix/store.scm:
   1298:8 17 (call-with-build-handler #<procedure 7f6086416630 at g=E2=80=
=A6> =E2=80=A6)
In guix/inferior.scm:
   904:34 16 (cached-channel-instance #<store-connection 256.99 7f6=E2=80=
=A6> =E2=80=A6)
In guix/channels.scm:
    523:7 15 (loop _ _)
In guix/combinators.scm:
    48:26 14 (fold2 #<procedure 7f60883758a0 at guix/channels.scm:5=E2=80=
=A6> =E2=80=A6)
In guix/channels.scm:
   533:29 13 (_ #<<channel> name: cireguix url: "/home/citreu/gitre=E2=80=
=A6> =E2=80=A6)
   421:12 12 (latest-channel-instance #<store-connection 256.99 7f6=E2=80=
=A6> =E2=80=A6)
In guix/git.scm:
    290:7 11 (call-with-repository _ #<procedure 7f60883757e0 at gui=E2=80=
=A6>)
In guix/git-authenticate.scm:
   442:22 10 (authenticate-repository #<git-repository 861da0> _ _ # =E2=80=
=A6)
In guix/progress.scm:
    71:36  9 (call-with-progress-reporter _ _)
In srfi/srfi-1.scm:
   460:18  8 (fold #<procedure 7f608943bfc0 at guix/git-authenticat=E2=80=
=A6> =E2=80=A6)
In guix/git-authenticate.scm:
   290:24  7 (_ #<git-commit 6601a6ab9073cfe260e1563131990c786519a2=E2=80=
=A6> =E2=80=A6)
    226:4  6 (authenticate-commit #<git-repository 861da0> #<git-co=E2=80=
=A6> =E2=80=A6)
   129:23  5 (commit-signing-key _ #<oid 6601a6ab9073cfe260e1563131=E2=80=
=A6> =E2=80=A6)
In guix/openpgp.scm:
   562:26  4 (verify-openpgp-signature _ _ _)
In gcrypt/pk-crypto.scm:
    250:8  3 (key-type (unsupported-algorithm 19 #vu8(5 43 129 4 =E2=80=A6)=
))
   202:27  2 (_ (unsupported-algorithm 19 #vu8(5 43 129 4 0 34 3 =E2=80=A6)=
) 0)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
In procedure struct-vtable: Wrong type argument in position 1 (expecting st=
ruct): (unsupported-algorithm 19 #vu8(5 43 129 4 0 34 3 3 4 53 239 158 105 =
250 133 46 247 192 56 245 48 43 60 70 47 46 85 221 226 213 94 248 254 218 8=
5 176 252 233 119 26 85 65 191 47 159 193 86 129 155 186 183 151 233 81 178=
 42 30 81 234 192 184 140 230 226 26 72 186 82 18 213 187 6 28 34 39 197 75=
 37 138 226 98 216 187 185 223 222 126 181 122 255 104 171 201 51 254 7 235=
 245 151 247 168 215 165 73 181))

Does Guix support NIPT-P384 key?
=2D-=20
Retrieve my PGP public key:

  gpg --recv-keys 481F5EEEBA425ADC13247C76A6E672D981B8E744

Zihao

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iKsEARMJADMWIQQkZvBVi/S5Mr2eh+gobjKMmWV3qgUCYxSTGRUcYWxsX2J1dF9s
YXN0QDE2My5jb20ACgkQKG4yjJlld6qXjwF/XKOJx8mQUfXAqM0mJjiWRI89Zscy
SqSvtLgGIrBFIjBgfQbGLXwu1jzPh+TT1aSPAYC+VtNBbABeVJvGdPDrK5mOhBDe
OgiZv6Zel2z0p0nNpLav51TZb0C7wOhaal/oZuA=
=gtRp
-----END PGP SIGNATURE-----
--=-=-=--





Acknowledgement sent to Zhu Zihao <all_but_last@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#57576; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Wed, 7 Sep 2022 13:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.