ietf-openpgp

Re: 11.2 Dual KeyIDs for RSA keys?

1998-04-17 22:54:31
On Sat, 18 Apr 1998, Jim Gillogly wrote:

But then there is a problem.  If I already have a V3 RSA key, and want to
use the V4 features, I will have to convert the key.  Considering it as a
new key might work, but if I want to sign something to a V3 recipient, I
have to use the old ID along with the format (i.e. keyservers won't have
the key under the old ID).

Or are you saying I MUST not generate any V3 signatures with V4 RSA keys?

Could you achieve the desired effect by sending both the V3 and V4
versions of your RSA key to the keyservers?

Yes and no.  The question is whether keyid 0x12345678 <me(_at_)here> is the
same identity as 0xdeadbeef <me(_at_)here>.  And then, what if you look up
me(_at_)here and get both keys, how do I say the V4 version is the preferred
key when there is no real way to link them?  And if I revoke one, the
other is still good unless the keyserver links the keys.

Generally, I think it would make sense to promote RSA keys to V4 format
(and assuming a V4 keyserver), but be able to export them in V3 format
when necessary.  The keyserver could find the key given either the V3 or
V4 keyid.

Adding these MUST options is reasonable, but then they should be added to
the spec.  Letting implementations use RSA keys in both V3 and V4 contexts
on the fly is also reasonable.  But something should appear in the spec
saying what should be done - Do I check both possible keyids on a V4 RSA
signature or just the V4 type?  Am I allowed to export my V4 RSA key in V3
format?

I think this is an implementation and program behavior detail, and thus
should not be in the formats document.  However, I approve of and applaud
your approach of being willing to accept many different combinations and
permutations of formats.

I did my code such that it tries the V4 ID first, and only if that does
not match, it then computes and tries to match on the V3 ID.  When signing
I use a specified keyid (but return the V3 ID by number for my testmode
where a keyid of zero means get the first key supporting the algorithm).

Even if the exact behavior isn't specified, this ambiguity should be noted
so that implementors can take it into account instead of blindly assuming
all RSA keys should use V3 keyids, and saying "Key not found" if I V4sign
a document with an RSA key and place the V4 keyid in the signature (and
looking it up on a keyserver returns the same key, but the ID is only
computed the old way, so it will always look up the key, return it as
correctly formatted, but never be able to find it). 

If an implementation imports a V4 RSA key without error, but doesn't
accept the V4 keyid to match it (for things like signatures), I consider
it a bug.  And only that.  Whether and how to promote/demote the keys can
be implementation dependent.

--- reply to tzeruch - at - ceddec - dot - com ---
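As an added illustration (not code from the post or from any implementation discussed in the thread): both key IDs of an RSA key computed the way RFC 2440 defines them, the V4-first-then-V3 lookup order the author describes, and the V3-only lookup that cannot find a key by the ID carried in a V4 signature. The moduli, exponents and creation times in the sample keyring are constructed placeholders, not real keys.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-octet bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def v3_keyid(n: int) -> bytes:
    """V3 key ID of an RSA key: the low 64 bits of the public modulus n."""
    return (n & ((1 << 64) - 1)).to_bytes(8, "big")


def v4_pubkey_body(n: int, e: int, created: int) -> bytes:
    """V4 RSA public-key packet body: version 4, creation time, algorithm 1 (RSA), MPI n, MPI e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(n: int, e: int, created: int) -> bytes:
    """V4 fingerprint: SHA-1 over the tag octet 0x99, the 2-octet body length, and the body."""
    body = v4_pubkey_body(n, e, created)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def v4_keyid(n: int, e: int, created: int) -> bytes:
    """V4 key ID: the last 8 octets of the fingerprint (not simply the low bits of n)."""
    return v4_fingerprint(n, e, created)[-8:]


def find_key(keyring, keyid: bytes):
    """The post's order: try the V4 ID first, then the V3 ID; returns (key, 'v4'|'v3') or (None, None)."""
    for key in keyring:
        if v4_keyid(key["n"], key["e"], key["created"]) == keyid:
            return key, "v4"
    for key in keyring:
        if v3_keyid(key["n"]) == keyid:
            return key, "v3"
    return None, None


def find_key_v3_only(keyring, keyid: bytes):
    """The failure mode the post describes: an implementation that only ever computes V3 IDs."""
    for key in keyring:
        if v3_keyid(key["n"]) == keyid:
            return key
    return None


# Constructed sample keyring: the moduli are NOT real RSA keys, just integers chosen so that
# the low 64 bits (the V3 key ID) are easy to recognise; creation times are arbitrary.
KEYRING = [
    {"uid": "me@here", "n": (0xC0FFEE << 64) | 0x1234567812345678, "e": 65537, "created": 892857600},
    {"uid": "you@there", "n": (0xCAFE << 64) | 0xDEADBEEFDEADBEEF, "e": 65537, "created": 892857601},
]

if __name__ == "__main__":
    v4 = v4_keyid(KEYRING[0]["n"], KEYRING[0]["e"], KEYRING[0]["created"])
    print("V3:", v3_keyid(KEYRING[0]["n"]).hex(), "V4:", v4.hex(), "V3-only lookup of V4 id:", find_key_v3_only(KEYRING, v4))
```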
