<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Mar 25, 2019 at 4:14 AM Ángel <<a href="mailto:angel@crypto.16bits.net">angel@crypto.16bits.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 2019-03-23 at 22:49 -0400, Phillip Hallam-Baker wrote:<br>
<br>
<br>
> OK so there is some magic: I change the email address to embed the<br>
> fingerprint of the recipient:<br>
<br>
> alice@example.com.mm--mb2gk-6duf5-ygyyl-jny5e-rwshz <br>
> <br>
> If the email client is Mesh enabled, it can recognize this as a SIN<br>
> and work out that it needs to apply a security policy (OpenPGP or<br>
> S/MIME) that has the fingerprint mb2gk-<br>
<br></blockquote><div><span class="gmail_default" style="font-size:small">When looking at this, I realized that I had cut and pasted from the old version of the spec which uses Base32 in groups of 5 characters. The new spec uses groups of 4. The same arguments apply though.</span> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Is the fingerprint mb2gk- or mb2gk-6duf5-ygyyl-jny5e-rwshz? If the<br>
earlier, isn't that a fingerprint too short to be relied on?<br></blockquote><div><br></div><div class="gmail_default" style="font-size:small">mb2gk- was just an abbreviation for mb2gk-6duf5-ygyyl-jny5e-rwshz.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">That is about as long as can be put on a business card. It presents a 2^(125-8) work factor which is more than sufficient for the purpose of introduction. If we were using a QR code introduction then we would go for 30 significant characters which is 2^(150-8) = 2^140, ample.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">The birthday attack is not relevant in this case as we are presented with a particular address that must be attacked.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">When a SIN is first processed, the tools will pull the Mesh profile and verify the hash. In the process reconstructing the full 512 bit SHA-2-512 output. The recommended approach is to store this value and store the result with 250 bit precision for future comparison. I call this key strengthening.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">More bits is only more secure if people keep using the technology. The longer the fingerprint, the less likely they are to use it. So there is a balance point. But a SIN can be expressed with arbitrary precision.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">One way to address this is with fingerprint compression. If the last 16, 32, 48 or 64 bits of a fingerprint are zero, this is noted in the lead byte which encodes the digest algorithm and purpose. So there is the option to perform proof of work hardening on the identifier allowing a 20 significant char fingerprint to be used safely. </div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">The other use for the proof of work might well be in spam control.</div><div class="gmail_default" style="font-size:small"><br></div></div></div>