ietf-openpgp

Re: including the entire fingerprint of the issuer in an OpenPGP certification

2011-01-18 16:54:17

On Jan 18, 2011, at 5:18 PM, Daniel Kahn Gillmor wrote:

> On 01/18/2011 05:05 PM, David Shaw wrote:
>> I don't think we want people using other than the consensus fingerprint
>> algorithms and methods.  I suggest we make the first byte a version field,
>> which can be set to '4' today for the current fingerprint, '5' for v5 keys, etc.

> Are we talking about versioning the fingerprint scheme, or versioning
> the key?  It sounds like a versioned fingerprint scheme, not a versioned
> key scheme to me.
>
> If we say '4' means the fingerprinting standard in RFC 4880 (OpenPGPv4)
> and '5' means some other fingerprint scheme then we're effectively
> creating a new registry to be managed by IANA, right?

No, this would be another use of the existing public/secret key version 
registry.  We already have a registry that covers key versions.

>> I suppose we could skip that field and detect version based on size,
>> but why use heuristics when we can know for sure with a version byte?
>
> We could also be sure if the name of the notation is precise enough.

Sorry - I wasn't clear enough.  Rather than using a notation, I was saying that
we should define a "true" subpacket (not a notation) for this, but define the
subpacket in a flexible enough way that we won't be throwing the subpacket away
(or having to maintain it just for V4) when V5 comes.

David
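To make the proposal in this exchange concrete, here is an added example (not code from the thread or from any OpenPGP implementation) showing a subpacket whose body is a key-version octet followed by the issuer's fingerprint. It computes the RFC 4880 v4 fingerprint (SHA-1 over 0x99, a two-octet length and the public-key packet body), frames the subpacket with the one-octet length form and a type octet, and parses it back, dispatching on the version octet rather than on the body size. The subpacket type number (100, in the private/experimental range) and the sample key material are assumptions made for the example; only the v4 fingerprint length is known, so a body carrying any other version is skipped rather than guessed at.

```python
import hashlib
import struct

# Placeholder subpacket type for the proposed "issuer fingerprint" subpacket.
# RFC 4880 reserves 100..110 for private/experimental use; the thread does not
# assign a number, so this value is an assumption for the example only.
ISSUER_FPR_SUBPACKET_TYPE = 100

# Fingerprint length per key version. Only v4 (20-byte SHA-1) is defined by
# RFC 4880; a v5 entry would be added here once that format is specified.
FINGERPRINT_LEN = {4: 20}


def mpi(value: int) -> bytes:
    """Encode an integer as an RFC 4880 MPI: 2-octet bit length, then big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_public_key_body(created: int, algo: int, mpis: list) -> bytes:
    """Body of a v4 Public-Key packet: version, creation time, algorithm, MPIs."""
    return bytes([4]) + struct.pack(">I", created) + bytes([algo]) + b"".join(mpi(m) for m in mpis)


def v4_fingerprint(key_body: bytes) -> bytes:
    """RFC 4880 12.2: SHA-1 over 0x99, two-octet body length, and the packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).digest()


def encode_issuer_fpr_subpacket(key_version: int, fpr: bytes) -> bytes:
    """Build the subpacket: one-octet length, type octet, key version octet, fingerprint."""
    if len(fpr) != FINGERPRINT_LEN[key_version]:
        raise ValueError("fingerprint length does not match key version")
    data = bytes([ISSUER_FPR_SUBPACKET_TYPE, key_version]) + fpr
    if len(data) >= 192:
        raise ValueError("example only implements the one-octet subpacket length form")
    return bytes([len(data)]) + data  # the length counts the type octet plus the data


def parse_issuer_fpr_subpacket(raw: bytes):
    """Return (key_version, fingerprint), or None for a key version this code does not know.

    The version octet tells the parser how long the fingerprint must be, so an
    unknown version is skipped explicitly instead of being inferred from the size.
    """
    if not raw or raw[0] >= 192:
        raise ValueError("example only implements the one-octet subpacket length form")
    length = raw[0]
    data = raw[1:1 + length]
    if len(data) != length or len(data) < 2:
        raise ValueError("truncated subpacket")
    if data[0] != ISSUER_FPR_SUBPACKET_TYPE:
        raise ValueError("not an issuer fingerprint subpacket")
    version, fpr = data[1], data[2:]
    expected = FINGERPRINT_LEN.get(version)
    if expected is None:
        return None
    if len(fpr) != expected:
        raise ValueError("fingerprint length does not match key version %d" % version)
    return version, fpr


# Constructed sample key material (not a real key): RSA (algo 1), e = 65537,
# a short made-up modulus, creation time 2011-01-18 00:00:00 UTC.
SAMPLE_KEY_BODY = v4_public_key_body(1295308800, 1, [0xC0FFEE1234567890ABCDEF, 65537])


def roundtrip_demo():
    """Fingerprint the sample key, wrap it in the subpacket, and parse it back."""
    fpr = v4_fingerprint(SAMPLE_KEY_BODY)
    sub = encode_issuer_fpr_subpacket(4, fpr)
    return fpr, sub, parse_issuer_fpr_subpacket(sub)


if __name__ == "__main__":
    fpr, sub, parsed = roundtrip_demo()
    print("v4 fingerprint:", fpr.hex().upper())
    print("subpacket     :", sub.hex())
    print("parsed        :", parsed)
```

The version octet costs one byte and lets a verifier reject a malformed v4 body (wrong fingerprint length) while passing over a future key version it does not implement, which a size-based heuristic cannot distinguish once two versions share a digest length.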
