[Top] [All Lists]

Re: Encoding "secret key is hashed"

2001-08-24 07:38:20

Michael Young <mwy-opgp97(_at_)the-youngs(_dot_)org> wrote:

Back in March, I opined that an S2K bit was out of place,
noting that the S2K itself isn't broken, and that it is
used in other contexts.

I agree.

Hal Finney offered the following alternative, which I like
much better than tweaking the S2K itself:

Another place we could represent the alternative format is the byte
which comes shortly before the S2K in the secret key packet.  This
byte is fixed at a value of 255 to flag that an S2K is in use.  We
could perhaps use some alternate value for this byte to flag that the
private key is using a different form of checksum protection.

Perhaps a value of 254?

I assume that you still want to change the version number to 5 as in your March posting?

In that case, I do not really see a reason to bother with changing this value at all, because there is no real reason to support the old checksum protection for version 5 keys anyway.

On a slightly related note, could we also add placeholders
to the spec for the NAI-specific things that have come into
practice?  One example is the S2K bits for raw and split keys,
which is why it came to mind now.  Hal mentioned an X.509
certificate signature subpacket, and a CRL packet type.  The
PhotoID packet is yet another that was discussed recently.

This would indeed be helpful.