On Thursday, October 16, 1997, Hal Finney <hal(_at_)rain(_dot_)org> wrote:
It would be interesting to hear if there are other cases where being
able to vary the size and specificity of the keyID would be appropriate.
Are there any sizes besides small (about 3 bits, perhaps), medium (64
bits), and large (160 bits) which seem useful?
My PGP 5.0 keyring currently has 12 private keys, some for nyms (pseudonymous
servers), and some under my name but with different algorithms and/or different
key lengths. (FYI, I use longer unpublished key-pairs for certain
communications, and bootstrap the key exchange through my shorter published
public keys.)
Under these conditions, three bits seems a bit too light. :-) More seriously,
an eight-bit keyID would still leave a large amount of ambiguity about which of
millions (potentially billions) of recipients was intended, but would provide a
reasonable chance that the correct key could be identified by the recipient's
software at first trial.
BTW, the PGP 5.0 practice of not identifying which key has been received makes
guessing the appropriate passphrase a real PITA. I use common passphrases for
same-length keys (RSA or DSS/EG), but different passphrases for different
lengths, and each nym has its own distinct passphrase (a second-line of
protection against my confusing my nyms, each of which has a distinct purpose).
Tom Phinney
tom(_dot_)phinney(_at_)ibm(_dot_)net
tom(_dot_)phinney(_at_)iac(_dot_)honeywell(_dot_)com