-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At the last IETF meeting, Derek discussed new drafts (particularly
this one) with Tim Polk, and either Derek can shepherd it, or we can
find someone else. I sent Derek a sketch of what I propose.
Note that it's pretty much what's been discussed here, but I used a
colon (which is what I remember in the original proposal) rather than
a dot.
From: "Jon Callas" <jcallas(_at_)pgp(_dot_)com>
Date: April 1, 2009 3:43:08 AM PDT
To: "Derek Atkins" <warlord(_at_)pgp(_dot_)com>
Cc: "Jon Callas" <jon(_at_)pgp(_dot_)com>
Subject: Re: OpenPGP Extensions Doc(s)
* PGP Signed: 04/01/2009 at 07:37:45 AM, Decrypted
...
Here's what I propose:
We define a new fingerprint.
Basics
------
The fingerprint is a struct, consisting of:
Hash Alogrithm Type (1 Octet)
Hash Value (N Octets)
The hash is computed over the same fields of the key packet, just as
in RFC4880, just with a different hash function than SHA1.
Truncations
-----------
The Hash Value may be of any size equal to or less than the natural
size of the hash function. If it is a truncation, then it is the
high-order bits. Thus, the SHA1 hash "ED15 5BDF CD41 ADFC 00F3 28B6
52BF 5A46 BC98 E63D" truncated to 64 bits is "ED15 5BDF CD41 ADFC".
There are a number of reasons truncating a fingerprint. One is for
ease in transport, display, etc. In the past, we moved from 16-byte
fingerprints to 20-byte fingerprints. While a larger fingerprint may
have increased cryptographic use, human beings still sometimes use
them
Display
-------
The normal display of a fingerprint is:
<algid>:<hex digits>
White space may be added for readability.
Example:
2:ED15 5BDF CD41 ADFC 00F3 28B6 52BF 5A46 BC98 E63D
Other formats are possible, but they should remember to show the
algorithm either numberically or symbolically. Note that RFC 4880
defines ASCII display strings for all algorithms.
Fingerprint Preference
----------- ----------
This is a new preference subpacket that is a single byte of the hash
algorithm preferred fingerprint type. Not only can this be used by
an implementation for display, but an implementation SHOULD use this
algorithm for determining a key id when encrypting to that key.
If this preference is not present, the implementation SHOULD use old-
style SHA1 fingerprints.
Key IDs
--- ---
OpenPGP already has one natural truncation of the fingerprint, the
Key ID. Under this proposal, a Key ID is a 64-bit truncation of the
Hash Value of a fingerprint. An example is given above.
Note that for SHA1, this means that there are two possible Key IDs,
the old one and a new one. RFC 4880 (and 2440 before it) already
said that an implementation must recognize that there could be
collisions in Key IDs. An implementation SHOULD use the old-style
one unless there is a preference specifying SHA1.
Other places to look at
----- ------ -- ---- --
We need to look at updating (or handwaving) 5.2.3.15. Revocation Key.
What do you think?
Jon
--
Jon Callas
CTO, CSO
PGP Corporation Tel: +1 (650) 319-9016
200 Jefferson Drive Fax: +1 (650) 319-9001
Menlo Park, CA 94025 PGP: ed15 5bdf cd41 adfc 00f3
USA 28b6 52bf 5a46 bc98 e63d
* Jon Callas <jcallas(_at_)pgp(_dot_)com>
* 0xBC98E63D(L)
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII
wj8DBQFJ/3slsTedWZOD3gYRAlWTAJ9C2q5AAqUNMLMbsNlz/teDfMaT+ACfYm4U
iGyxP9l5DBF+7yAfwR83uu0=
=SV8T
-----END PGP SIGNATURE-----