ietf-openpgp
[Top] [All Lists]

Re: V5 key packet format requirements

2006-02-03 06:23:25

--On 2-2-2006 17:07 +0100 "Daniel A. Nagy" <nagydani(_at_)epointsystem(_dot_)org> wrote:

1. Exclude creation date from fingerprint and key ID hash computation (and
maybe from the key packet, too -- it belongs to the self-signature). This
would mean that the key fingerprint and ID depend only on the actual key
(key material + algorithm).

IMHO, things that have nothing to do with the user ID should not be in a self-signature, but in a direct key signature (type 0x1F) instead.


2. Scrap encrypted private keys. We already have a symmetrically encrypted
container format with sufficient integrity protection, so there is no
reason to maintain another one. Just put the unencrypted private key
packet into that container, if you need encryption. This will reduce the
number of things to worry about and make the security of OpenPGP easier
to assess and maintain.

Agreed.


4. Support for exporting and importing subkeys.

Why is this needed? Isn't this possible already using the current (V4) packet formats?


--
Edwin