Re: Encoding "secret key is hashed"

[Edwin Woudt <edwin@xxxxxxxx>]

Michael Young <mwy-opgp97@xxxxxxxxxxxxxx> wrote:

> Back in March, I opined that an S2K bit was out of place,
> noting that the S2K itself isn't broken, and that it is
> used in other contexts.

I agree.


> Hal Finney offered the following alternative, which I like
> much better than tweaking the S2K itself:
>
> > Another place we could represent the alternative format is the byte
> > which comes shortly before the S2K in the secret key packet.  This
> > byte is fixed at a value of 255 to flag that an S2K is in use.  We
> > could perhaps use some alternate value for this byte to flag that the
> > private key is using a different form of checksum protection.
>
> Perhaps a value of 254?

I assume that you still want to change the version number to 5 as in your 
March posting?

In that case, I do not really see a reason to bother with changing this 
value at all, because there is no real reason to support the old checksum 
protection for version 5 keys anyway.


> On a slightly related note, could we also add placeholders
> to the spec for the NAI-specific things that have come into
> practice?  One example is the S2K bits for raw and split keys,
> which is why it came to mind now.  Hal mentioned an X.509
> certificate signature subpacket, and a CRL packet type.  The
> PhotoID packet is yet another that was discussed recently.

This would indeed be helpful.


Edwin