On Jan 18, 2011, at 4:31 AM, Werner Koch wrote:
On Tue, 18 Jan 2011 09:06, iang(_at_)iang(_dot_)org said:
And, head towards the fingerprint, the whole fingerprint and nothing
but the fingerprint! Dispense with all these weird and wonderful
I agree. Further I am not sure whether we should do this full
fingerprint proposal right now or better wait for SHA-3. If we would
settle now for a new fingerprint signature subpacket we will for sure
need to revise that for SHA-3. We would need to maintain code for the
current fingerprint as well as for a SHA-3 for a little eternity.
What if we made up a new subpacket that was defined as simply "the fingerprint"
(that is, without specifying special encoding, or version, or what-have-you).
For today, that is the full SHA-1 fingerprint we know and love. In the future,
the same subpacket could be used in the V5 world as well (we'd have to have a
way of telling a V4 from a future V5 fingerprint, but we need to do that
anyway). This is similar to how the current "signer ID" subpacket works - it
can take V3 or V4 key IDs.
One of the things I wanted to push for in V5 was to use full fingerprints
instead of key IDs internally. This new subpacket could be the new "signer ID"
subpacket.
David