ietf-openpgp

Re: including the entire fingerprint of the issuer in an OpenPGP certification

2011-01-18 16:01:03

On Jan 18, 2011, at 12:48 PM, Jon Callas wrote:



> I agree.  Further I am not sure whether we should do this full
> fingerprint proposal right now or better wait for SHA-3.  If we would
> settle now for a new fingerprint signature subpacket we will for sure
> need to revise that for SHA-3.  We would need to maintain code for the
> current fingerprint as well as for a SHA-3 for a little eternity.
>
> If we combine it with a hash-independent fingerprint -- e.g., first byte is
> an algorithm ID, others are the actual hash -- then we can put it in now and
> then run with it.

Rather than first byte being an algorithm ID, how about first byte being the 
version of the fingerprint?  So, it would be "4" for the current fingerprint, 
"5" for whatever we come up with later, etc.  If it is an algorithm ID, then we 
could end up with two different people encoding their fingerprints in two 
different ways, and have to support reading that in the clients.

David
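The versioned layout David describes, as an added illustration that is not code from this thread or from any OpenPGP implementation: the leading octet carries the fingerprint version, and that version alone fixes the hash and the length, so a reader of the subpacket never has to guess how the rest was produced. The v4 computation follows RFC 4880; the "5" table entry and the sample key body are constructed placeholders, not real definitions.

```python
import hashlib

# Fingerprint version -> (hash, digest length).  Version 4 is the RFC 4880
# SHA-1 fingerprint; version 5 here is an ASSUMED placeholder standing in for
# "whatever we come up with later", not a standardised definition.
FINGERPRINT_VERSIONS = {4: ("sha1", 20), 5: ("sha256", 32)}

# Constructed minimal v4 public-key packet body (not a real key):
# version 4, 4-octet creation time, algorithm 1 (RSA), MPI n, MPI e.
SAMPLE_KEY_BODY = (b"\x04" + b"\x00\x00\x00\x00" + b"\x01"
                   + b"\x00\x08\xc5" + b"\x00\x02\x03")


def v4_fingerprint(public_key_body: bytes) -> bytes:
    """RFC 4880 12.2: SHA-1 over 0x99, two-octet body length, then the body."""
    prefix = b"\x99" + len(public_key_body).to_bytes(2, "big")
    return hashlib.sha1(prefix + public_key_body).digest()


def encode_versioned_fingerprint(version: int, fingerprint: bytes) -> bytes:
    """One version octet followed by the fingerprint of that version's length."""
    if version not in FINGERPRINT_VERSIONS:
        raise ValueError(f"unknown fingerprint version {version}")
    _, length = FINGERPRINT_VERSIONS[version]
    if len(fingerprint) != length:
        raise ValueError(f"version {version} fingerprint must be {length} octets")
    return bytes([version]) + fingerprint


def decode_versioned_fingerprint(data: bytes) -> tuple[int, bytes]:
    """Parse the field; the version octet tells us exactly what must follow."""
    if not data:
        raise ValueError("empty fingerprint field")
    version = data[0]
    if version not in FINGERPRINT_VERSIONS:
        # Unknown version: reject rather than guess an algorithm from length.
        raise ValueError(f"unsupported fingerprint version {version}")
    _, length = FINGERPRINT_VERSIONS[version]
    if len(data) != 1 + length:
        raise ValueError(f"version {version} field must be {1 + length} octets")
    return version, data[1:]


if __name__ == "__main__":
    fp = v4_fingerprint(SAMPLE_KEY_BODY)
    field = encode_versioned_fingerprint(4, fp)
    print(field.hex(), decode_versioned_fingerprint(field)[0])
```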
