On Fri, 17 Apr 1998, Jon Callas wrote:
At 05:33 PM 4/17/98 -0400, tzeruch(_at_)ceddec(_dot_)com wrote:
I brought this up before. I can create a V4 fingerprint and keyid using
an RSA key, but it will be different than the V3 keyid. I have some kluge
working so that PGP 2.6.X will work, but this isn't really addressed.
If I use V4 stuff everywhere, shouldn't I use the V4 keyid? Does any
version of PGP match on a V4 (SHA1-hash) RSA Keyid? (I match on both -
the later versions of my code look for a matching V4 keyid and only if it
does NOT match will it compute the V3 keyid).
If you have the same key material that is used in a V3 key and a V4 key, it
will have a different keyid and fingerprint. This is a feature, not a bug.
One of the reasons for the new format is that keyids can be forged.
I didn't say it was a bug. But there is no mention in the section on
Keyids of the fact that an RSA key will have a different value under V3
v.s. V4. And says nothing about which one to use in the KeyID fields in
the subpackets I generate.
Within the openPGP framework, a keyid is a 64 bit number, and you can use
them at will.
Which is fine when there is a one-to-one mapping. What I am pointing out
is technically a keyid is either of two possible 64 bit numbers.
It's a perfectly fine feature to have V3 => V4 migration, but I'd consider
the V4 key to be a completely separate key, and forget that it shares bits
with the V3 one.
But then there is a problem. If I already have a V3 RSA key, and want to
use the V4 features, I will have to convert the key. Considering it as a
new key might work, but if I want to sign something to a V3 recipient, I
have to use the old ID along with the format (i.e. keyservers won't have
the key under the old ID).
Or are you saying I MUST not generate any V3 signatures with V4 RSA keys?
i.e. that the migration creates an entirely new key (then why migrate?).
If I want to have V3 capabilities, MUST? I leave the key and corresponding
ID in a V3 format? So a corolary would be "I MUST not generate V4
signatures with a V3 RSA key?
Adding these MUST options is reasonable, but then they should be added to
the spec. Letting implementations use RSA keys in both V3 and V4 contexts
on the fly is also reasonable. But something should appear in the spec
saying what should be done - Do I check both possible keyids on a V4 RSA
signature or just the V4 type? Am I allowed to export my V4 RSA key in V3
format?
I am only pointing out that the current (preliminary) spec doesn't address
this anywhere that I have found, and something should be written in before
it is released.
--- reply to tzeruch - at - ceddec - dot - com ---