
Re: including the entire fingerprint of the issuer in an OpenPGP certification



On Jan 18, 2011, at 12:48 PM, Jon Callas wrote:

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
>> I agree.  Further I am not sure whether we should do this full
>> fingerprint proposal right now or better wait for SHA-3.  If we would
>> settle now for a new fingerprint signature subpacket we will for sure
>> need to revise that for SHA-3.  We would need to maintain code for the
>> current fingerprint as well as for a SHA-3 for a little eternity.
> 
> If we combine it with a hash-independent fingerprint -- e.g., first byte is an algorithm ID, others are the actual hash -- then we can put it in now and then run with it.

Rather than the first byte being an algorithm ID, how about the first byte being the version of the fingerprint?  So, it would be "4" for the current fingerprint, "5" for whatever we come up with later, etc.  If it is an algorithm ID, then we could end up with two different people encoding their fingerprints in two different ways, and have to support reading that in the clients.

David
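The following is an added example, not code from this thread or from any OpenPGP implementation. It shows what a version-prefixed fingerprint subpacket of the kind proposed above would look like on the wire: one leading version byte, then the fingerprint itself, with the reader dispatching on that byte and rejecting versions it does not know. The v4 fingerprint is computed as RFC 4880 defines it (SHA-1 over 0x99, a two-octet length, and the public-key packet body); the choice of 0x04 as the version byte, the `FINGERPRINT_FORMATS` table, and the toy RSA key material are assumptions made for the example.

```python
import hashlib

# Assumption: the fingerprint version byte mirrors the public-key packet
# version, so the current (SHA-1, 20-octet) fingerprint is version 4.
FINGERPRINT_VERSION_V4 = 0x04

# Registry of known fingerprint versions -> (hash constructor, digest length).
# A future "5" entry would be added here; nothing else in the reader changes.
FINGERPRINT_FORMATS = {
    FINGERPRINT_VERSION_V4: (hashlib.sha1, 20),
}


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI (RFC 4880 section 3.2)."""
    bit_len = value.bit_length()
    return bit_len.to_bytes(2, "big") + value.to_bytes((bit_len + 7) // 8, "big")


def v4_public_key_body(creation_time: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880 section 5.5.2)."""
    return b"\x04" + creation_time.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)


def fingerprint(version: int, key_body: bytes) -> bytes:
    """Fingerprint of a public-key packet body for the given fingerprint version.

    For version 4 this is RFC 4880 section 12.2: SHA-1 over the octet 0x99,
    the two-octet body length, and the body itself.
    """
    hash_ctor, _ = FINGERPRINT_FORMATS[version]
    return hash_ctor(b"\x99" + len(key_body).to_bytes(2, "big") + key_body).digest()


def encode_fingerprint_subpacket(version: int, fp: bytes) -> bytes:
    """Subpacket body as proposed in the thread: version byte, then fingerprint."""
    _, digest_len = FINGERPRINT_FORMATS[version]
    if len(fp) != digest_len:
        raise ValueError("fingerprint length does not match version")
    return bytes([version]) + fp


def decode_fingerprint_subpacket(data: bytes):
    """Return (version, fingerprint); reject unknown versions or bad lengths."""
    if not data:
        raise ValueError("empty fingerprint subpacket")
    version = data[0]
    if version not in FINGERPRINT_FORMATS:
        raise ValueError(f"unsupported fingerprint version {version}")
    _, digest_len = FINGERPRINT_FORMATS[version]
    if len(data) - 1 != digest_len:
        raise ValueError("fingerprint length does not match version")
    return version, data[1:]


def fingerprint_matches(subpacket: bytes, key_body: bytes) -> bool:
    """True if the subpacket names exactly this key under the stated version."""
    try:
        version, fp = decode_fingerprint_subpacket(subpacket)
    except ValueError:
        return False
    return fp == fingerprint(version, key_body)


# Constructed sample key: a toy RSA modulus and exponent, not a real key.
SAMPLE_CREATION_TIME = 1295372880
SAMPLE_N = 0xC0FFEE0123456789ABCDEF
SAMPLE_E = 0x10001


def demo():
    body = v4_public_key_body(SAMPLE_CREATION_TIME, SAMPLE_N, SAMPLE_E)
    fp = fingerprint(FINGERPRINT_VERSION_V4, body)
    subpacket = encode_fingerprint_subpacket(FINGERPRINT_VERSION_V4, fp)
    print("subpacket:", subpacket.hex())
    print("matches key:", fingerprint_matches(subpacket, body))
    # A subpacket carrying a version this reader does not know is refused
    # outright rather than guessed at.
    print("version 5 accepted:", fingerprint_matches(bytes([5]) + fp, body))
    return subpacket


if __name__ == "__main__":
    demo()
```

The registry keyed by version is the point of the example: a client that sees an unknown version byte can fail closed, and a later version only adds one table entry, whereas with an algorithm ID the reader would also have to know which packet layout and truncation rules each algorithm was paired with.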