--
You received this message because you are subscribed to the Google Groups "age-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to age-dev+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/age-dev/59580227-ba8b-4125-a928-79c843c6c47c%40www.fastmail.com.
It's time to pick the bikeshed's encoding. Here are two things I'd like to fix.
- Using _ in keys is not markup safe, both in some Markdown parsers and in simpler markups.
- It's very easy to copy-paste the armor wrong, I forgot the first line myself a couple times.
For (1) I think I like switching the keys to Bech32. It selects as a single word, it doesn't have symbols, and it's case insensitive so it can be read out loud. (I might read an age key on stage at RWC in a lighting talk as a tribute to Ian Goldberg.)# created: 2019-12-19T00:02:55-05:00# public key: age14dmj9at47tgfv8l9n499z6jreca3rurndypp582wqlwv40e8cxaqevqcsaAGE-SECRET-KEY-1FWY45RKECMS2XN3R9W43K9QX07NJ5QKN4KPKQXZ0053HEHALY4SQT8020E
I initially used pubkey: instead of age: because "age age:81gSRoyO7KMDK00bYKGsML1Yi7nqv61_k9GBnQ-VOzc" stuttered, but now that we have -r it's not as bad: "age -r age14dmj9at47tgfv8l9n499z6jreca3rurndypp582wqlwv40e8cxaqevqcsa".
At that point we might as well make github: recipients just "@FiloSottile"?
I never liked alias: recipients so let's just drop them for now.
Since it's not used in user-facing encoding anymore, we can also switch the Base64 alphabet in the header to the standard one, just to reduce the weird.
For (2) it's with a heavy heart that I admit the idea of leaving the header as-is in the armor was clever. And you know what it means when I call something clever: it's going away. Now we should decide if we just sell our soul to PEM (maybe with a Tool: header for the URL?), if we pick the saltpack thing (ugh, 3 different encoding bases in a spec?), or if we just make something up.
The part I don't like about making the armor better is that I don't want people to actually use this for email, but there are non 8-bit safe environments, and if we're going to have an armor making it annoying just feels user-hostile. So PEM I guess? Or can v1 get away without an armored format?
I've been working on generalized bech32 formats for cryptographic keys / signatures / digests etc here:
The main drawback of bech32 for private key storage is I'm unaware of any constant time encoders/decoders.It seems possible with a combination of a constant time base32 implementation and bitslicing for the bech32 lookup table, but I haven't seen it implemented yet.
On Thu, Dec 19, 2019 at 12:29 AM Filippo Valsorda <fil...@ml.filippo.io> wrote:It's time to pick the bikeshed's encoding. Here are two things I'd like to fix.
- Using _ in keys is not markup safe, both in some Markdown parsers and in simpler markups.
- It's very easy to copy-paste the armor wrong, I forgot the first line myself a couple times.
For (1) I think I like switching the keys to Bech32. It selects as a single word, it doesn't have symbols, and it's case insensitive so it can be read out loud. (I might read an age key on stage at RWC in a lighting talk as a tribute to Ian Goldberg.)# created: 2019-12-19T00:02:55-05:00# public key: age14dmj9at47tgfv8l9n499z6jreca3rurndypp582wqlwv40e8cxaqevqcsaAGE-SECRET-KEY-1FWY45RKECMS2XN3R9W43K9QX07NJ5QKN4KPKQXZ0053HEHALY4SQT8020EI initially used pubkey: instead of age: because "age age:81gSRoyO7KMDK00bYKGsML1Yi7nqv61_k9GBnQ-VOzc" stuttered, but now that we have -r it's not as bad: "age -r age14dmj9at47tgfv8l9n499z6jreca3rurndypp582wqlwv40e8cxaqevqcsa".I like this, particularly the single-word selection (the lack of this in the initial format has annoyed me during development).For the native YubiKey / PIV support, we could use "age1piv" as the HRP, which would give visually-subclassed pubkeys like:age1piv14dmj9at47tgfv8l9n499z6jreca3rurndypp582wqlwv40e8cxaqevqcsa
My main concern is whether we need to address the recent Bech32 malleability issue. I think not, as long as all secret and public keys are fixed-length; is this likely to always be the case?
If we defined our own encoding, and the main complaint is that we re-used the normal header, then what about simply making the markers symmetric (like PEM, and more visually distinct from the normal age format), and leaving the rest as-is? I do like the "This is a file" aspect of the current marker, which nudges users away from using it in-line.
The part I don't like about making the armor better is that I don't want people to actually use this for email, but there are non 8-bit safe environments, and if we're going to have an armor making it annoying just feels user-hostile. So PEM I guess? Or can v1 get away without an armored format?How prevalent and problematic are non 8-bit safe environments? Is this just older Windows CLIs, or are there newer shells that cause issues as well? I know I was having issues with pipes in PowerShell, but that was more of a wchar issue.
On Thu, Dec 19, 2019 at 12:29 AM Filippo Valsorda <fil...@ml.filippo.io> wrote:This decouples them from GitHub, which might be nice (implementations could query several different username-based services to find keys) at the cost of potential fragmentation and non-obviousness.