Re: [openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a separable ring signature scheme...]
2014-03-13 21:39:52On 03/13/2014 10:26 PM, Daniel Kahn Gillmor wrote:
the OpenPGP fingerprint revision discussions have not yet terminated in
a clear conclusion -- the last stage we reached was was "wait until
SHA-3 has settled down and then reconsider".
You should *not* use keyIDs as distinct identifiers in the subpacket
body of the ring signature design; the use of keyIDs in the traditional
issuer subpacket is a mistake that i hope we don't propagate if/when
OpenPGPv5 ever gets standardized.
Your I-D should have the subpacket body built from either OpenPGPv4
fingerprints, or full public key packets. the search space for key IDs
is too small to distinguish "bad signature" from "i don't have the
appropriate key" with sufficient confidence, which causes all sorts of
nasty UI edge cases.
--dkg
Thanks for the info. I will likely follow your suggestion and modify my proposal to use V4 fingerprints rather than key IDs.
Vincent
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openpgp mailing list openpgp(_at_)ietf(_dot_)org https://www.ietf.org/mailman/listinfo/openpgp
| Previous by Date: | Re: [openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a separable ring signature scheme...], Daniel Kahn Gillmor |
|---|---|
| Next by Date: | Re: [openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a separable ring signature scheme...], David Shaw |
| Previous by Thread: | Re: [openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a separable ring signature scheme...], Daniel Kahn Gillmor |
| Next by Thread: | Re: [openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a separable ring signature scheme...], Peter Pentchev |
| Indexes: | [Date] [Thread] [Top] [All Lists] |