[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Git hosting changes, git:// support discontinued

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Git hosting changes, git:// support discontinued
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Mon, 8 Dec 2014 10:25:15 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 08 Dec 2014 10:25:30 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=BNP7N90HpKVw99xQkQqqDDTaFAVZTleoKyESLpF43KM=; b=kWUotkWoSaJ6b3GLdJNvZg7W1p/FWSqR6jf77tcwXNe8p/JAE2GtJ/ZQB2puhOwpfA 3oTlSOdQJu+BfKEZYQDbDmOg8BXpTxoPAIfgsXh2W0oMO8xSIRsweugkQm4RB0vMdMtb fJjAJ/++WgZakAARHkGS0ajxGUsqSrRh2BkX+yzTDI6Jp5MrU7MvkT6n3sxzEDqTHNzb 5nhdEHa3g15IMfChJ15i4VMqEteFyEXe3uL72u8Piuv4IqvypUBDcQyv+rAHtYpK69E0 OI+xlKg9a5k2qrSm3ugqzzg6IG1jUn1+lH7ZYPFKynnE0SmIs7OHd46WNfLQYRhv1gw3 756g==
In-reply-to: <20141208135726.GH22670@xxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <40E30713-AD1D-4426-9E7A-4817B77EBF6E@xxxxxxxxxxxxxx> <20141130223205.GV22670@xxxxxxxxxxxxxxxxxxxx> <08D4E1D8-FA22-41B8-A995-D22271865E31@xxxxxxxxxxxxxx> <20141208135726.GH22670@xxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Mon, Dec 8, 2014 at 8:57 AM, Jason Cooper <tor@xxxxxxxxxxxxxx> wrote:
 [...]
>> On a tangent, referring to keys by their short (or long, for that
>> matter) keyid is not a good idea. How to verify Nick actually has the
>> blessing of the Tor project (or any subset of people therein, etc) to
>> sign tags is yet another problematic area without a real solution.
>
> Yes, using the 32bit identifier certainly is prone to collisions, but we
> also aren't attempting to validate that key in this thread.  At the 2013
> Kernel Summit, Linus advised using 12 characters for abbreviated commit
> hashes over the current norm of 7.  Same problem, different aspect.

Yeah; and it's not like generating collisions or second preimages on a
48-bit identifier is out-of-reach for a bored undergraduate.  Using a
12-char abbreviated ID this long will prevent more accidental
collisions, but for resisting deliberate collisions, I won't really be
happy until git migrates away from SHA1 entirely.

-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Git hosting changes, git:// support discontinued
  - From: Jason Cooper

References:
- Re: [tor-dev] Git hosting changes, git:// support discontinued
  - From: Jason Cooper

Prev by Author: Re: [tor-dev] Specification for 'How to Safely Sign a statement with a .onion key'
Next by Author: [tor-dev] Time change for Tor patch workshop meetings: 1800 UTC on Tuesdays
Previous by thread: Re: [tor-dev] Git hosting changes, git:// support discontinued
Next by thread: Re: [tor-dev] Git hosting changes, git:// support discontinued
Index(es):
- Author
- Thread