On 05/04/2009 08:17 PM, David Shaw wrote:
Perhaps we'd do better by leaving fingerprints alone and instead fixing
how we specify revocation keys?
[...]
why not define a new revocation
subpacket that contains the class octet from the old revocation key, and
the rest of the subpacket is simply a copy of the public key packet in
question? I don't mean the whole transferable public key, of course,
just the contents of packet #6.
This seems like a good strategy to me, and a *much* simpler one than
trying to overhaul fingerprints! In fact, this seems like a good idea
whether or not fingerprints are overhauled. Are there any objections in
the WG to this re-definition of revocation key subpackets? the largest
realistic keys out there right now are still only around 1KB of a
subpacket, and revocation key subpackets themselves are pretty rare. So
the added size doesn't seem problematic to me.
--dkg
signature.asc
Description: OpenPGP digital signature