On Mar 13, 2014, at 9:28 PM, Vincent Yu <v(_at_)v-yu(_dot_)com> wrote:
> On 03/13/2014 06:02 PM, Jon Callas wrote:
>> My suggestion is that you write up an I-D, and push it.
>>
>> My quick read looks like this is a useful thing, and it would be nice to
>> have. Just as Andrey pushed an ECC draft and there have been others, it'd be
>> a great way to go.
>>
>> As DKG noted, we have a constant collision, but that's not a big deal.
>> That's why we have IANA.
>>
>> Jon
>
> Thanks for your comments. I plan to write up and submit an I-D if no one
> points out egregious problems with the current proposal.
>
> In past threads, there were discussions about supporting non-SHA-1
> fingerprints [1] and including full issuer fingerprints in signatures [2].
> You forwarded to this list a proposal for a new fingerprint [3]. Did anything
> concrete come out of that proposal or other discussions?
>
> In my proposal, I am using key IDs (i.e., the rightmost 8 octets of SHA-1
> fingerprints) in a new signature subpacket, but I would like to switch to
> non-SHA-1 fingerprints if there is a standard or consensus about how they
> should be formatted. This is an opportune time to introduce such fingerprints
> since backward compatibility is not a relevant consideration.

Changing fingerprints raises a lot of complexity that you may not want tied to
your I-D. I suspect that non-SHA-1 fingerprints will not happen without an
accompanying V5 key format.

With regards to your I-D, I recommend using the full fingerprint instead of the
64-bit key ID in your sig subpacket. That is the least ambiguous way to
specify a key today, and while it is V4 specific, it can be easily changed if
and when the fingerprint changes, just like the revocation key subpacket will
need to be.

(Though see https://www.ietf.org/mail-archive/web/openpgp/current/msg00260.html)

David

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
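
Added example, not part of the original message or of any OpenPGP implementation: how a V4 fingerprint and its 64-bit key ID are derived (RFC 4880, section 12.2), and why a verifier resolving a signature's issuer gets an exact match from a full fingerprint but can get several candidate keys from a key ID. The key material, the keyring layout and all function names are constructed for illustration.

```python
import hashlib
import struct

def v4_public_key_body(created, algo, mpis):
    """V4 public-key packet body: version 4, creation time, algorithm, MPIs."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([algo])
    for n in mpis:
        bits = n.bit_length()
        body += struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")
    return body

def v4_fingerprint(body):
    """RFC 4880 12.2: SHA-1 over 0x99, two-octet body length, then the body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def key_id(fingerprint):
    """The 64-bit key ID is the rightmost 8 octets of the V4 fingerprint."""
    return fingerprint[-8:]

class AmbiguousIssuer(Exception):
    """More than one key in the keyring matches the issuer reference."""

def resolve_issuer(keyring, issuer):
    """Look up a signer in keyring (hypothetical dict: fingerprint -> key body).

    A 20-octet issuer is matched exactly. An 8-octet key ID is compared with
    the tail of every fingerprint, so it can match more than one key.
    """
    if len(issuer) == 20:
        return keyring.get(issuer)
    if len(issuer) != 8:
        raise ValueError("issuer must be an 8-octet key ID or 20-octet fingerprint")
    matches = [body for fp, body in keyring.items() if key_id(fp) == issuer]
    if len(matches) > 1:
        raise AmbiguousIssuer(issuer.hex())
    return matches[0] if matches else None

# Constructed sample: RSA (algorithm 1) with a made-up 2048-bit modulus; not a real key.
SAMPLE_BODY = v4_public_key_body(1394755200, 1, [(1 << 2047) | 1, 65537])
SAMPLE_FP = v4_fingerprint(SAMPLE_BODY)

if __name__ == "__main__":
    ring = {SAMPLE_FP: SAMPLE_BODY}
    # Constructed stand-in for a second key whose fingerprint ends in the same 8 octets.
    ring[bytes(12) + key_id(SAMPLE_FP)] = b"second key (constructed)"
    print("fingerprint:", SAMPLE_FP.hex(), "key ID:", key_id(SAMPLE_FP).hex())
    print("by fingerprint:", resolve_issuer(ring, SAMPLE_FP) == SAMPLE_BODY)
    try:
        resolve_issuer(ring, key_id(SAMPLE_FP))
    except AmbiguousIssuer as exc:
        print("by key ID: ambiguous", exc)
```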