ietf-openpgp

Re: KeyIDs and Key Fingerprints

1997-10-17 04:04:10
> Well I really have to say that I don't like this. It basically blows
> months of work in the area of keylookup optimization techniques that I
> have developed for my products. Due to the uniqueness of the keyid in a
> given keyring

This has never actually been a valid assumption in old PGP, and is only a
reasonably valid assumption in 5.0+ with the 64bit keyIDs, so "months" of
work which depended on this seems based on an error.  We have seen both
0xdeadbeef keys and actual random collisions in the old RSA keys.  The
security reasons for combining the KeyID and Fingerprint and thus being
able to take advantage of the extra size and security were very well laid
out by Hal.

> Variable KeyId's blow KeyId uniqueness out of the water. Should id 123456,
> id 5456, & id 456 be considered three unique keys or two unique keys ??

I think you must have misunderstood something about Hal's message.  The
KeyID in the *key* is never variable.  As Hal outlined, RSA keys use the
old 32bit method, and DSS/DH keys use the new fingerprint/keyID 160/64 bit
method.  We're only really talking about the ESK packet on encrypted
messages here for variable size keyIDs.  The issue is how much information
to reveal there.  The one thing that wasn't implemented in 5.0/5 was the
small key ID size ESK Hal described -- I'd never heard it but it sounds a
truly great idea from a privacy perspective.  Sometimes it is far more
important to have deniability for privacy reasons than incur the extremely
unlikely possibility of going through the extra milliseconds of trying more
than one private key, and the few bits will solve at least 95% of the cases
in one try.

> Key Server Identifiers & URL's are of only limited use (communicating to
> the keyservers).

Seems pretty darn useful to me.  Bob has a key.  It is on one server out of
thousands of keyservers.  Which one?  Who knows!  Fortunately, Bob's key
hint tells me that his key is available for updates (revocations, new
signatures, new user IDs, etc...) from ldap://keyserver.company.com.  The
old system of one big monstrous keyserver at MIT has been eliminated with
5.5 along with innumerable other improvements to the keyserver
infrastructure which will soon become apparent as we have time to get all
the information properly written up and everyone gets a chance to play with
5.5 soon when we release the Personal version.  This URL hint idea was not
implemented in 5.5.  Easy to add.

-Will


Will Price, Architect/Sr. Mgr.
Pretty Good Privacy, Inc.
555 Twin Dolphin Dr, Ste.570
Redwood Shores, CA 94065
Direct (650)596-1956
Main   (650)572-0430
Fax    (650)631-1033
Pager  (310)247-6595
wprice(_at_)pgp(_dot_)com
Internet Text Paging: <mailto:1333485(_at_)roam(_dot_)pagemart(_dot_)net>
<pgpfone://clotho.pgp.com>
<http://www.pgp.com>

PGPkey: <http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x5797A80B>
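
Added example, not part of the original message and not PGP product code: a keyring lookup that treats a key ID (or a shortened key ID hint on an encrypted message) as a filter returning a list of candidate keys, then falls back to trial decryption, rather than assuming the ID is unique. It assumes the key ID is the low 64 bits of the 160-bit fingerprint; Keyring, find_decryption_key, the try_decrypt callback and the sample fingerprints are hypothetical names and constructed values.

```python
from collections import defaultdict

def key_id(fingerprint: bytes) -> bytes:
    """64-bit key ID: the low-order 8 bytes of a 160-bit fingerprint."""
    if len(fingerprint) != 20:
        raise ValueError("expected a 160-bit fingerprint")
    return fingerprint[-8:]

class Keyring:
    """Hypothetical keyring index; every lookup returns a list of candidates."""
    def __init__(self):
        self._all = []                          # insertion order = trial order
        self._by_low32 = defaultdict(list)      # low 32 bits of key ID -> keys

    def add(self, fingerprint: bytes) -> None:
        if fingerprint not in self._all:
            self._all.append(fingerprint)
            self._by_low32[key_id(fingerprint)[-4:]].append(fingerprint)

    def candidates(self, hint: bytes) -> list:
        """All keys whose key ID ends with `hint` (0 to 8 bytes of key ID)."""
        if len(hint) > 8:
            raise ValueError("hint longer than a key ID")
        # Hints shorter than 32 bits cannot use the index, so scan every key.
        pool = self._by_low32.get(hint[-4:], []) if len(hint) >= 4 else self._all
        return [fp for fp in pool if key_id(fp).endswith(hint)]

def find_decryption_key(ring, hint, try_decrypt):
    """Trial-decrypt with each candidate; return (fingerprint, attempts made)."""
    attempts = 0
    for fp in ring.candidates(hint):
        attempts += 1
        if try_decrypt(fp):   # stand-in for a real session-key decryption
            return fp, attempts
    return None, attempts

# Constructed fingerprints: two distinct keys share the low 32 bits deadbeef.
ALICE = bytes.fromhex("11" * 12 + "aaaaaaaa" + "deadbeef")
COLLIDER = bytes.fromhex("22" * 12 + "bbbbbbbb" + "deadbeef")
BOB = bytes.fromhex("33" * 12 + "cccccccc" + "0badcafe")

def sample_ring() -> Keyring:
    ring = Keyring()
    for fp in (ALICE, COLLIDER, BOB):
        ring.add(fp)
    return ring

if __name__ == "__main__":
    ring = sample_ring()
    for hint in ("", "ef", "deadbeef", "aaaaaaaadeadbeef"):
        print(hint or "(none)", len(ring.candidates(bytes.fromhex(hint))))
```

A shorter hint reveals less about the recipient but returns more candidates, so the cost shows up only as extra trial decryptions.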


