ietf-openpgp

Re: Fix revocation keys instead of fingerprints? (was Re: Non-SHA-1 fingerprints)

2009-05-04 23:05:02
On 05/04/2009 08:17 PM, David Shaw wrote:
> Perhaps we'd do better by leaving fingerprints alone and instead fixing
> how we specify revocation keys?

 [...]

> why not define a new revocation
> subpacket that contains the class octet from the old revocation key, and
> the rest of the subpacket is simply a copy of the public key packet in
> question?  I don't mean the whole transferable public key, of course,
> just the contents of packet #6.

This seems like a good strategy to me, and a *much* simpler one than
trying to overhaul fingerprints!  In fact, this seems like a good idea
whether or not fingerprints are overhauled.  Are there any objections in
the WG to this re-definition of revocation key subpackets?  The largest
realistic keys out there right now are still only around 1KB of a
subpacket, and revocation key subpackets themselves are pretty rare.  So
the added size doesn't seem problematic to me.

        --dkg

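The following is an added example, not code from this thread or from any OpenPGP implementation: it encodes the existing RFC 4880 revocation key subpacket (type 12: class octet, algorithm octet, 20-octet SHA-1 fingerprint) beside the form proposed above (class octet followed by a copy of the public-key packet body) and matches a candidate revoker against each. Subpacket type 101 is an assumption taken from the private/experimental range, since the message assigns no number, and the RSA numbers are constructed filler rather than a real key.

```python
import hashlib

REVOCATION_KEY = 12   # RFC 4880: class octet, algorithm octet, 20-octet fingerprint
PROPOSED_TYPE = 101   # assumption: private/experimental type standing in for the proposal

def mpi(n):  # MPI: two-octet bit count, then big-endian magnitude
    return n.bit_length().to_bytes(2, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big")

def key_body(created, n, e):  # version 4 RSA public-key packet body ("packet #6")
    return b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)

def v4_fingerprint(body):  # SHA-1 over 0x99, two-octet length, packet body
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()

def subpacket(sp_type, data):  # length covers the type octet plus the data
    n = len(data) + 1
    if n < 192:
        head = bytes([n])
    elif n < 8384:
        head = (n - 192 + (192 << 8)).to_bytes(2, "big")
    else:
        head = b"\xff" + n.to_bytes(4, "big")
    return head + bytes([sp_type]) + data

def parse_subpacket(buf):  # returns (type without the critical bit, data)
    if buf[0] < 192:
        n, off = buf[0], 1
    elif buf[0] < 255:
        n, off = ((buf[0] - 192) << 8) + buf[1] + 192, 2
    else:
        n, off = int.from_bytes(buf[1:5], "big"), 5
    if n < 1 or len(buf) < off + n:
        raise ValueError("truncated subpacket")
    return buf[off] & 0x7F, buf[off + 1:off + n]

def revoker_subpacket(cls, body, proposed):
    if proposed:  # class octet + copy of the key packet body
        return subpacket(PROPOSED_TYPE, bytes([cls]) + body)
    return subpacket(REVOCATION_KEY, bytes([cls, body[5]]) + v4_fingerprint(body))

def is_designated(sp, candidate_body):
    sp_type, data = parse_subpacket(sp)
    if not data or not data[0] & 0x80:  # class octet must have bit 0x80 set
        return False
    if sp_type == REVOCATION_KEY:       # legacy: the match rests on SHA-1
        return data[2:] == v4_fingerprint(candidate_body)
    return sp_type == PROPOSED_TYPE and data[1:] == candidate_body

# Constructed 2048-bit RSA numbers, not a real key.
SAMPLE_BODY = key_body(1241478302, int.from_bytes(b"\xc3" * 256, "big"), 65537)
```

For this 2048-bit sample the legacy subpacket is 24 octets and the proposed one 273, and the proposed match is a byte-for-byte comparison of key material with no hash involved.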