Re: [openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a

On 03/13/2014 09:28 PM, Vincent Yu wrote:
> In past threads, there were discussions about supporting non-SHA-1
> fingerprints [1] and including full issuer fingerprints in signatures
> [2]. You forwarded to this list a proposal for a new fingerprint [3].
> Did anything concrete come out of that proposal or other discussions?
>
> In my proposal, I am using key IDs (i.e., the rightmost 8 octets of
> SHA-1 fingerprints) in a new signature subpacket, but I would like to
> switch to non-SHA-1 fingerprints if there is a standard or consensus
> about how they should be formatted. This is an opportune time to
> introduce such fingerprints since backward compatibility is not a
> relevant consideration.
the OpenPGP fingerprint revision discussions have not yet terminated in
a clear conclusion -- the last stage we reached was was "wait until
SHA-3 has settled down and then reconsider".

You should *not* use keyIDs as distinct identifiers in the subpacket
body of the ring signature design; the use of keyIDs in the traditional
issuer subpacket is a mistake that i hope we don't propagate if/when
OpenPGPv5 ever gets standardized.

Your I-D should have the subpacket body built from either OpenPGPv4
fingerprints, or full public key packets.  the search space for key IDs
is too small to distinguish "bad signature" from "i don't have the
appropriate key" with sufficient confidence, which causes all sorts of
nasty UI edge cases.

        --dkg

signature.asc
Description: OpenPGP digital signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp