I would like to suggest that an Issuer Key Fingerprint be added to the
acceptable Signature Subpacket types (sec 5.2.2.2). I suspect that this
fingerprint should be an MPI since it's a hash of the Issuer Signing key.

While I was trying to write some code that will build and use standalone
signatures it occurred to me that in order to test that a standalone
signature packet is valid you either need to compare it against the
Issuer's Key Fingerprint or test the sig against a possible number of
keyid matches.

I feel that Issuer Key ID is mostly useful for quick lookup of a key, but
offers a higher chance of key collision than a fp would, so that having
both available is useful.

I understand that there is motivation to evolve the standard away from 8
octet keyIDs to nbyte key Fp, and this thing is better addressed in a v2
spec, but this addition in the v1 spec shouldn't break anything. (I hope)

Any comments?
__________________________________________________________________________
Vinnie Moscaritolo tel: 415.524.6222 Pretty Good Privacy, Inc.
Chief Consulting Engineer main: 415.572.0430 2121 S. El Camino Real
<vinnie(_at_)pgp(_dot_)com> web: http://www.pgp.com San Mateo, CA 94403
DH Key: http://keys.pgp.com:11371/pks/lookup?op=get&search=0x070A5CFF
1 if by land, 2 if by sea.
Paul Revere - encryption 1775
__________________________________________________________________________
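
The lookup problem raised in the message above, as an added example that is not part of the original message or of any PGP code: with only an Issuer key ID a verifier may get several candidate keys, while an issuer fingerprint selects one. It assumes the subpacket layout later standardized in RFC 9580 (type 33, a key version octet followed by the fingerprint) rather than the MPI encoding suggested in the message; the key material, the colliding fingerprint and all helper names are constructed for illustration.

```python
import hashlib
import struct

ISSUER_KEY_ID = 16       # Issuer subpacket: 8-octet key ID
ISSUER_FINGERPRINT = 33  # Issuer Fingerprint subpacket (RFC 9580 layout, assumed here)

def v4_fingerprint(key_body: bytes) -> bytes:
    """SHA-1 over 0x99, a 2-octet length, then the public-key packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).digest()

def key_id(fingerprint: bytes) -> bytes:
    """A v4 key ID is the low-order 64 bits of the fingerprint."""
    return fingerprint[-8:]

def parse_subpackets(area: bytes) -> dict:
    """Parse a subpacket area (one-octet lengths only) into {type: body}."""
    out, i = {}, 0
    while i < len(area):
        length = area[i]  # counts the type octet plus the body
        if length == 0 or length >= 192 or i + 1 + length > len(area):
            raise ValueError("unsupported or truncated subpacket")
        out[area[i + 1] & 0x7F] = area[i + 2 : i + 1 + length]  # mask the critical bit
        i += 1 + length
    return out

def candidate_keys(keyring: list, area: bytes) -> list:
    """Return the fingerprints a verifier has to try for this signature."""
    sub = parse_subpackets(area)
    if ISSUER_FINGERPRINT in sub:
        fpr = sub[ISSUER_FINGERPRINT][1:]  # skip the key version octet
        return [f for f in keyring if f == fpr]
    if ISSUER_KEY_ID in sub:
        return [f for f in keyring if key_id(f) == sub[ISSUER_KEY_ID]]
    return list(keyring)  # no hint at all: every key is a candidate

def subpacket(kind: int, body: bytes) -> bytes:
    """Encode one subpacket with a one-octet length."""
    return bytes([len(body) + 1, kind]) + body

# Constructed sample data: not a usable key, and the collision is built by hand.
SIGNER = v4_fingerprint(b"\x04" + b"\x00\x00\x00\x01" + b"\x01" + b"constructed key material")
LOOKALIKE = bytes(12) + key_id(SIGNER)  # different fingerprint, same key ID
KEYRING = [SIGNER, LOOKALIKE]
BY_KEY_ID = subpacket(ISSUER_KEY_ID, key_id(SIGNER))
BY_FINGERPRINT = subpacket(ISSUER_FINGERPRINT, b"\x04" + SIGNER)
```

`candidate_keys(KEYRING, BY_KEY_ID)` returns both keyring entries, each of which would need a trial verification, while `candidate_keys(KEYRING, BY_FINGERPRINT)` returns only the signer.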