ietf-openpgp
[Top] [All Lists]

RE: Secure receipts

1997-10-16 12:40:19
Ian,

  Would it not be better to start using KeyFingerPrint
rather than KeyID as the identifier.

where a KeyFingerPrint Field is

KeyID (for old software and keyservers)
Message digest algorithm used
Digest of Key

as it is easy to produce a key with a specific KeyID
and Those people still wanting Vanity Keys can still have
there message within the Base64 Encoded Public Key.

Mike

----------
From:   Ian Brown
Sent:   16 October 1997 16:58
To:     IETF OpenPGP
Subject:        Secure receipts

-----BEGIN PGP SIGNED MESSAGE-----

Something which has been mentioned over the last few days, which I also
think would be enormously useful, is the possibility to do secure
message receipts. When an OpenPGP client succesfully decrypts a message
which has a flag set requesting a message receipt, it could mail back a
secure receipt packet which would look something like the following
(this is just a very first draft, based on the current Signature
packet):

Header: We would need to choose a new packet ID number
Version number = 4
Length of following material included in MD calculation
|Signature classification
|Timestamp
|Some identification of the message receipt is for (e.g.
<1897(_dot_)877010412(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk> as given in the 
Message-ID: field of a
message). This could be flexible to allow for receipts for data
transferred using other protocols.
|Message digest algorithm
|Digest of message receipt is for
Key ID for key used for signing
Public-key cryptosystem type
Message digest algorithm
First two bytes of MD output as checksum
Signed digest of fields above marked with |

Does this sound feasible/desirable? If so, maybe this could go in the
second draft? I know we want to get the standard out ASAP, but this is
quite a simple and isolated proposal which shouldn't be too difficult to
add in...

Ian.

-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.2.2

iQCVAgUBNEY5jJpi0bQULdFRAQEuJAQAnylXfYZ/FZosCvd0yCwtBoGC31WmBMLW
Pyff3tsOAqpuFxgMAtahnykEXOSs9AJJJOo7ER5AFUawja2/RVEbn7m3XELdTWZa
5QlenZ8Ac4U5OTpdLQvavsWClzAppD7WwaOj4+9aMau6QUMR6W0w7ZFYAr1OOzEr
e1oz3CtQ+L8=
=nVqZ
-----END PGP SIGNATURE-----



<Prev in Thread] Current Thread [Next in Thread>