[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: including the entire fingerprint of the issuer in an OpenPGP certification
On Jan 18, 2011, at 12:48 PM, Jon Callas wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>> I agree. Further I am not sure whether we should do this full
>> fingerprint proposal right now or better wait for SHA-3. If we would
>> settle now for a new fingerprint signature subpacket we will for sure
>> need to revise that for SHA-3. We would need to maintain code for the
>> current fingerprint as well as for a SHA-3 for a little eternity.
> If we combine it with a hash-independent fingerprint -- e.g., first byte is an algorithm ID, others are the actual hash -- then we can put it in now and then run with it.
Rather than first byte being an algorithm ID, how about first byte being the version of the fingerprint? So, it would be "4" for the current fingerprint, "5" for whatever we come up with later, etc. If it is an algorithm ID, then we could end up with two different people encoding their fingerprints in two different ways, and have to support reading that in the clients.