ietf-openpgp

Re: including the entire fingerprint of the issuer in an OpenPGP certification

2011-01-18 16:31:07
On 01/18/2011 05:05 PM, David Shaw wrote:
> I don't think we want people using other than the consensus fingerprint
> algorithms and methods.  I suggest we make the first byte a version field,
> which can be set to '4' today for the current fingerprint, '5' for v5 keys, etc.

Are we talking about versioning the fingerprint scheme, or versioning
the key?  It sounds like a versioned fingerprint scheme, not a versioned
key scheme to me.

If we say '4' means the fingerprinting standard in RFC 4880 (OpenPGPv4)
and '5' means some other fingerprint scheme then we're effectively
creating a new registry to be managed by IANA, right?

I have no objection to that (and presumably it would be an exceptionally
slow-growing registry) but it'd be good to be clear about what we're doing.

I'd just as soon name the notation issuer-fpr4@whatever.example for the
current fingerprint and then name a new notation
issuer-fpr5@whatever.example when that happens, reusing the existing
notation registry.

(or, if this works and we want IANA to allocate a "global" notation
title, just ask for "issuer-fpr4" now, and "issuer-fpr5" later)

These are all fiddly syntax choices, of course, without much importance,
other than avoiding (current and future) bureaucratic overhead.

> I suppose we could skip that field and detect version based on size,
> but why use heuristics when we can know for sure with a version byte?

We could also be sure if the name of the notation is precise enough.

        --dkg
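The two encodings under discussion, as an added example that is not code from the thread, from GnuPG or from any OpenPGP implementation: a v4 fingerprint computed as RFC 4880 section 12.2 specifies (SHA-1 over 0x99, a two-octet length and the public-key packet body), then wrapped either as a notation value with a leading version octet (David Shaw's proposal) or as a bare value whose notation name carries the version (the issuer-fpr4@whatever.example name suggested above). The notation name, the value layout and the RSA key body are assumptions for illustration; the key material is a constructed toy value, not a real key.

```python
import hashlib
import struct

# RFC 4880 12.2: a v4 fingerprint is a 160-bit SHA-1 hash, so 20 octets.
V4_FINGERPRINT_LEN = 20


def mpi(x: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: two-octet bit length, then big-endian value."""
    bitlen = x.bit_length()
    return struct.pack(">H", bitlen) + x.to_bytes((bitlen + 7) // 8, "big")


def build_v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Assemble a v4 public-key packet body: version 4, creation time, algorithm 1 (RSA), MPIs n and e.
    Used here only to have something realistic to fingerprint; values are constructed, not a real key."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(key_packet_body: bytes) -> bytes:
    """RFC 4880 12.2: SHA-1 over 0x99 || two-octet body length || body."""
    if len(key_packet_body) > 0xFFFF:
        raise ValueError("key packet body too long for a two-octet length")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_packet_body)) + key_packet_body).digest()


# --- Variant A: version octet inside the notation value (Shaw's proposal, layout assumed) ---

# Only the v4 length is known from RFC 4880; any future version would need its own registered entry.
FINGERPRINT_LEN_BY_VERSION = {4: V4_FINGERPRINT_LEN}


def encode_versioned_value(fpr: bytes, version: int = 4) -> bytes:
    if version not in FINGERPRINT_LEN_BY_VERSION or len(fpr) != FINGERPRINT_LEN_BY_VERSION[version]:
        raise ValueError("fingerprint length does not match the declared version")
    return bytes([version]) + fpr


def decode_versioned_value(value: bytes) -> tuple:
    """Return (version, fingerprint); reject unknown versions and length mismatches
    rather than guessing the version from the size."""
    if not value:
        raise ValueError("empty notation value")
    version = value[0]
    if version not in FINGERPRINT_LEN_BY_VERSION:
        raise ValueError("unknown fingerprint version %d" % version)
    if len(value) - 1 != FINGERPRINT_LEN_BY_VERSION[version]:
        raise ValueError("fingerprint length does not match version %d" % version)
    return version, value[1:]


# --- Variant B: version carried by the notation name (dkg's suggestion, name assumed) ---

FINGERPRINT_LEN_BY_NOTATION = {"issuer-fpr4@whatever.example": V4_FINGERPRINT_LEN}


def decode_named_value(name: str, value: bytes) -> bytes:
    """The name alone identifies the scheme, so the value is the bare fingerprint."""
    if name not in FINGERPRINT_LEN_BY_NOTATION:
        raise ValueError("unrecognised issuer fingerprint notation %r" % name)
    if len(value) != FINGERPRINT_LEN_BY_NOTATION[name]:
        raise ValueError("fingerprint length does not match notation %r" % name)
    return value


if __name__ == "__main__":
    # Constructed toy RSA parameters; far too small to be a real key.
    body = build_v4_rsa_public_key_body(created=1295366400, n=0xC0FFEE1234567890ABCDEF, e=65537)
    fpr = v4_fingerprint(body)
    print("v4 fingerprint:", fpr.hex().upper())
    print("versioned value:", encode_versioned_value(fpr).hex())
    print("decoded:", decode_versioned_value(encode_versioned_value(fpr)))
    print("named:", decode_named_value("issuer-fpr4@whatever.example", fpr).hex())
```

Both decoders refuse a value whose length disagrees with the declared scheme, which is the point of having the version stated explicitly (in the octet or in the name) instead of inferred from size: a verifier that merely measured the value could not tell a truncated fingerprint from a different scheme.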
