hal(_at_)finney(_dot_)org writes:
Do we need to define a new packet format, V5 for keys?
A V5 key format could address the protocol error with key expiration,
too.
Or could we keep the old format number and use the length difference
of a 20-byte HMAC vs a 2-byte checksum to recognize which one is
being used?
Hmm. What about introducing a new secret key packet with a hash
instead of a checksum? This approach seems to be much cleaner, and it
doesn't cause surprising problems for the end user.
--
Florian Weimer
Florian(_dot_)Weimer(_at_)RUS(_dot_)Uni-Stuttgart(_dot_)DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898