Christoph Anton Mitterer <calestyo(_at_)scientia(_dot_)net> writes:
On Mon, 2015-04-20 at 11:17 -0400, Derek Atkins wrote:
* what material gets digested; at a minimum, this is:
- the algorithm for the key (incl. any parameters)
- public key values (mpi's, bitstrings)
it's not clear to me that there is any advantage to adding
anything else here.
I still believe that the creation time (and key expiration time, if it
exists) should be included.
I think the same accounts for the key usage flags. Or actually, we
should perhaps make primary keys to be generally certifying-only keys.
I generally agree with this, modulo what I have written in
draft-atkins-openpgp-device-certificates that allows encryption-only
primary keys.
And specifying an expiration time (even if it's 0) should be mandatory.
Cheers.
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
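
The trade-off discussed in this thread, as an added example that is not part of the original message: the RFC 4880 V4 fingerprint hashes the creation time together with the algorithm and MPIs, so re-dating the same key material changes the fingerprint, while a digest over only the algorithm and public key values does not. The `material_only_digest` function, its SHA-256 hash and its framing are assumptions for illustration, and the RSA values are constructed toy numbers.

```python
import hashlib
import struct

RSA = 1  # OpenPGP public-key algorithm id for RSA (RFC 4880, section 9.1)


def mpi(n):
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def v4_fingerprint(created, algo, mpis):
    """RFC 4880 V4 fingerprint: SHA-1 over 0x99, 2-byte length, key packet body.

    The body is: version (4), 4-byte creation time, algorithm id, MPIs.
    """
    body = bytes([4]) + struct.pack(">I", created) + bytes([algo])
    body += b"".join(mpi(m) for m in mpis)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()


def material_only_digest(algo, mpis):
    """Hypothetical digest over the minimum set named in the thread:
    the key algorithm and the public key values, nothing else.
    Hash choice (SHA-256) and framing are assumptions, not a specified format.
    """
    data = bytes([algo]) + b"".join(mpi(m) for m in mpis)
    return hashlib.sha256(data).hexdigest()


# Constructed toy RSA public key (product of two Mersenne primes), not a real key.
TOY_N = (2**127 - 1) * (2**89 - 1)
TOY_E = 65537
T_ORIGINAL = 1429543020   # constructed creation timestamp
T_REDATED = 1429629420    # same key material, creation time moved by one day

if __name__ == "__main__":
    for label, created in (("original", T_ORIGINAL), ("re-dated", T_REDATED)):
        print(label)
        print("  v4 fingerprint      :", v4_fingerprint(created, RSA, [TOY_N, TOY_E]))
        print("  material-only digest:", material_only_digest(RSA, [TOY_N, TOY_E]))
```
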