Re: Fix revocation keys instead of fingerprints? (was Re: Non-SHA-1 fing

Hello,

David Shaw wrote:
> On May 5, 2009, at 2:13 AM, Daniel A. Nagy wrote:
>
> > Hi,
> >
> > David Shaw wrote:
> > > It's a larger problem than just fingerprints.  We also use a fingerprint
> > > as a specifier inside the revocation key subpacket, to designate which
> > > key can be used to issue revocations on our behalf.  The thing is,
> > > though, a fingerprint isn't really a very good revocation key specifier:
> > >
> > > Fingerprints:
> > > * Must be human-readable
> > > * Needs to be small to be useful
> > > * Can collide to some small amount (4880 even documents that they
> > > collide in section 12.2)
> > That's not the fingerprint. That's the key ID.
> A nit, but that really is the fingerprint.
>
> 12.2:
>
>    Note that there is a much smaller, but still non-zero, probability
> that two different keys have the same fingerprint.
While the probability is non-zero, but it is roughly equal to accidentally
guessing the discrete logarithm of a DSA key or a prime factor of the RSA key.

> It's not exactly *likely*, but it's not quite zero.  I heard a
> urban-legendish story once about someone who (completely accidentally)
> generated a key that just happened to have a fingerprint collision with
> someone else's key.  Unfortunately, thinking it was a bug, they deleted
> the key... make of that what you will :)
There WAS a bug and he did the right thing.

-- 
Daniel

signature.asc
Description: OpenPGP digital signature