ietf-openpgp

Re: [openpgp] Fingerprints and their collisions resistance

2013-01-05 17:22:26
On 01/05/2013 06:04 PM, Werner Koch wrote:
> On Sat,  5 Jan 2013 20:38, iang(_at_)iang(_dot_)org said:
>
>> Fingerprints aren't really for the wire, and if you use them for the
>> wire, you're exercising your right to develop your own security model
>> and threat model.  For my money - don't do that.
>
> The fingerprint is used for a revocation key (5.2.3.15).  However, your
> policy may simply disallow the use of a revocation key if this is a
> threat to you.

iirc, there was a rough consensus within this working group that this
was probably a mistake in RFC 4880, and any future revision of the draft
should place the full key material into the revocation key subpacket
instead of the key's fingerprint.

        --dkg
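
The revocation key subpacket discussed in this thread (RFC 4880, section 5.2.3.15), shown as an added example that is not part of any of the posts or of any OpenPGP implementation. It parses the subpacket body and checks a candidate key against it, which makes visible that the 20-octet fingerprint is the only link to the revoker's key. The function names, the `allow_revocation_keys` policy switch and the key bodies are assumptions constructed for illustration.

```python
import hashlib
import struct

def v4_fingerprint(pubkey_body: bytes) -> bytes:
    """RFC 4880 12.2: SHA-1 over 0x99, a 2-octet length, and the key packet body."""
    header = b"\x99" + struct.pack(">H", len(pubkey_body))
    return hashlib.sha1(header + pubkey_body).digest()

def parse_revocation_key(body: bytes) -> dict:
    """RFC 4880 5.2.3.15 body: class octet, algorithm octet, 20-octet fingerprint."""
    if len(body) != 22:
        raise ValueError("revocation key subpacket body must be 22 octets")
    klass, algo, fingerprint = body[0], body[1], body[2:]
    if not klass & 0x80:
        raise ValueError("class octet must have bit 0x80 set")
    return {"sensitive": bool(klass & 0x40), "algo": algo, "fingerprint": fingerprint}

def is_designated_revoker(subpacket_body: bytes, candidate_key_body: bytes,
                          allow_revocation_keys: bool = True) -> bool:
    """True if the candidate V4 key is the one the subpacket names.

    allow_revocation_keys is a hypothetical local policy switch; False ignores
    designated revokers entirely.
    """
    if not allow_revocation_keys:
        return False
    info = parse_revocation_key(subpacket_body)
    if len(candidate_key_body) < 6 or candidate_key_body[0] != 4:
        return False  # only V4 keys have this fingerprint form
    if candidate_key_body[5] != info["algo"]:
        return False  # algorithm octet follows version (1) and creation time (4)
    # The subpacket holds no key material, so this 160-bit comparison is the
    # whole binding between the subpacket and the revoker's key.
    return v4_fingerprint(candidate_key_body) == info["fingerprint"]

def _constructed_key(modulus: bytes) -> bytes:
    """Constructed V4 RSA-shaped packet body (toy values, not a usable key)."""
    mpi_n = struct.pack(">H", len(modulus) * 8) + modulus
    mpi_e = b"\x00\x11\x01\x00\x01"  # 17-bit MPI holding 65537
    return b"\x04" + struct.pack(">I", 1357400000) + b"\x01" + mpi_n + mpi_e

# Constructed sample data: two toy key bodies and a subpacket naming the first.
REVOKER_KEY = _constructed_key(b"\xc3\x55\x91\x0f")
OTHER_KEY = _constructed_key(b"\xc3\x55\x91\x11")
SUBPACKET = bytes([0x80, 0x01]) + v4_fingerprint(REVOKER_KEY)

if __name__ == "__main__":
    print(is_designated_revoker(SUBPACKET, REVOKER_KEY))
    print(is_designated_revoker(SUBPACKET, OTHER_KEY))
```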
