ietf-openpgp

Re: [openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a separable ring signature scheme...]

2014-03-14 09:44:34
On Fri, Mar 14, 2014 at 10:36:23AM -0400, Vincent Yu wrote:
> On 03/14/2014 10:24 AM, Peter Pentchev wrote:
> > On Thu, Mar 13, 2014 at 10:39:31PM -0400, Vincent Yu wrote:
> > > Thanks for the info. I will likely follow your suggestion and modify
> > > my proposal to use V4 fingerprints rather than key IDs.
> >
> > Hm, how exactly would this deal with the existence of multiple signing
> > subkeys, all associated with the same master public key?  Your current
> > proposal explicitly allows for that, using the key IDs; I guess there
> > might be a need to include *both* the fingerprint of the master key
> > *and* some kind of identification of the subkey actually used for
> > signing.
>
> Isn't there a V4 fingerprint defined for every key, including for
> each subkey? I think it would be okay just to include the
> fingerprints of all possible signing keys, regardless of whether
> they are primary keys or subkeys.
>
> If I've misunderstood something, please let me know.

Argh, sorry, stupid of me; of course you're right.  I was a bit misled
by the fact that GnuPG, by default, only outputs the fingerprint of the
primary key when --fingerprint is specified on the command line; I kind
of missed the part where --fingerprint may be given more than once and
it will output the fingerprints of all the subkeys.

G'luck,
Peter

-- 
Peter Pentchev  roam(_at_)ringlet(_dot_)net roam(_at_)FreeBSD(_dot_)org 
p(_dot_)penchev(_at_)storpool(_dot_)com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
If the meanings of 'true' and 'false' were switched, then this sentence 
wouldn't be false.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
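
The point settled in this message, that every key packet (primary or subkey) has its own V4 fingerprint, as an added example that is not part of the original thread. It assumes the RFC 4880 section 12.2 definition (SHA-1 over 0x99, a two-octet length and the key packet body); the helper names are hypothetical, the two RSA key packets are constructed toy values, and the parser handles only old-format packets with two-octet lengths.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def key_body(created: int, n: int, e: int) -> bytes:
    """Body of a V4 RSA (algorithm 1) public-key or public-subkey packet."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def old_packet(tag: int, body: bytes) -> bytes:
    """Old-format packet with a two-octet length (length type 1)."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the two-octet body length, and the key packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def signing_candidates(stream: bytes):
    """Return [(kind, fingerprint, key_id)] for every key packet in the stream."""
    kinds = {6: "primary", 14: "subkey"}  # public-key and public-subkey tags
    found, pos = [], 0
    while pos < len(stream):
        hdr = stream[pos]
        if hdr & 0xC0 != 0x80 or hdr & 0x03 != 1:
            raise ValueError("only old-format packets with two-octet lengths are handled")
        (length,) = struct.unpack(">H", stream[pos + 1:pos + 3])
        body = stream[pos + 3:pos + 3 + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        pos += 3 + length
        tag = (hdr >> 2) & 0x0F
        if tag in kinds:
            if body[:1] != b"\x04":
                raise ValueError("not a V4 key packet")
            fpr = v4_fingerprint(body)
            found.append((kinds[tag], fpr, fpr[-16:]))  # key ID = low 64 bits
    return found

# Constructed sample: toy moduli, not usable RSA keys.
CREATED = 1394755200  # 2014-03-14 00:00:00 UTC
SAMPLE = (old_packet(6, key_body(CREATED, 0xC0FFEE0123456789ABCDEF, 65537))
          + old_packet(14, key_body(CREATED, 0xBADC0DE0123456789ABCDF, 65537)))

if __name__ == "__main__":
    for kind, fpr, key_id in signing_candidates(SAMPLE):
        print(f"{kind:8} {fpr} (key ID {key_id})")
```

The subkey packet is serialized with header octet 0xB9, but its fingerprint is still hashed with the 0x99 prefix, so a list of signer fingerprints can mix primary keys and subkeys without extra tagging.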