ietf-openpgp

[openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a separable ring signature scheme...]

2014-03-13 20:28:37
On 03/13/2014 06:02 PM, Jon Callas wrote:
> My suggestion is that you write up an I-D, and push it.
>
> My quick read looks like this is a useful thing, and it would be nice to have.
> Just as Andrey pushed an ECC draft and there have been others, it'd be a great
> way to go.
>
> As DKG noted, we have a constant collision, but that's not a big deal. That's
> why we have IANA.
>
>         Jon

Thanks for your comments. I plan to write up and submit an I-D if no one points out egregious problems with the current proposal.

In past threads, there were discussions about supporting non-SHA-1 fingerprints [1] and including full issuer fingerprints in signatures [2]. You forwarded to this list a proposal for a new fingerprint [3]. Did anything concrete come out of that proposal or other discussions?

In my proposal, I am using key IDs (i.e., the rightmost 8 octets of SHA-1 fingerprints) in a new signature subpacket, but I would like to switch to non-SHA-1 fingerprints if there is a standard or consensus about how they should be formatted. This is an opportune time to introduce such fingerprints since backward compatibility is not a relevant consideration.

Comments on this are welcome from everyone.

Vincent

[1]: https://www.ietf.org/mail-archive/web/openpgp/current/msg00253.html
[2]: https://www.ietf.org/mail-archive/web/openpgp/current/msg00405.html
[3]: https://www.ietf.org/mail-archive/web/openpgp/current/msg00259.html


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
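
An added illustration, not part of the original message or of any proposal in this thread: the message above describes key IDs as the rightmost 8 octets of SHA-1 fingerprints, and this sketch derives both for a version 4 RSA public key as laid out in RFC 4880. The sample key material, timestamp and function names are constructed for the example.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """RFC 4880 sec. 3.2 MPI: 2-octet bit count, then big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880 sec. 5.5.2)."""
    version, rsa_algo = 4, 1
    return (bytes([version]) + struct.pack(">I", created)
            + bytes([rsa_algo]) + mpi(n) + mpi(e))


def v4_fingerprint(body: bytes) -> bytes:
    """SHA-1 over 0x99, the 2-octet body length, and the body (sec. 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def key_id(fingerprint: bytes) -> bytes:
    """Key ID: the rightmost 8 octets of the 20-octet v4 fingerprint."""
    return fingerprint[-8:]


# Constructed sample values; far too small to be a usable key.
SAMPLE_CREATED = 1394740000
SAMPLE_N = (1 << 127) + 0x1D
SAMPLE_E = 65537


def demo():
    body = v4_rsa_key_body(SAMPLE_CREATED, SAMPLE_N, SAMPLE_E)
    fp = v4_fingerprint(body)
    return fp, key_id(fp)


if __name__ == "__main__":
    fp, kid = demo()
    print("fingerprint (160 bits):", fp.hex().upper())
    print("key ID      (64 bits): ", kid.hex().upper())
```

Because the creation time is part of the hashed material, the same RSA parameters with a different timestamp yield a different fingerprint and key ID.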