
Re: [openpgp] rfc3880bis - hard expiration time

2015-04-28 10:36:59
On Tue, Apr 28, 2015 at 10:04 AM, Derek Atkins <derek(_at_)ihtfp(_dot_)com> wrote:

> Of course.  And in many use cases that's probably sufficient.  I see use
> cases where it is not sufficient so I'd like to re-gain that feature.

I think this is a use case, but a distinct use case from the usual
interpretation of a fingerprint on a business card.

We need a range of fingerprints for different purposes and that is why
I want to have the content-type to be part of the data that is being
hashed.

One use case is to create a persistent identifier that is indexical to
a public key they are the holder of. This form of identifier can be a
'life long' identity that is immutable and can be depended on not to
change even though the holder's name (marriage) and email address are
likely to.

The way to address that use case is to hash a public key and algorithm
identifier and absolutely nothing else and if the identity is going to
last a lifetime you probably want that to be just a signature key for
an offline root.

If the syntax is PKIX then this would be application/pkix-keyinfo. For
PGP the content type application/pgp-keyinfo probably makes sense.


Another use case is to introduce a key that is going to be used to
execute contracts. Here my preferred mechanism would be SAML because
that is what the assertion infrastructure was originally architected
to support.

I can see applications that fall short of binding contracts where it
makes sense to expire the fingerprint and to bind it to both an
expiration date and a subject identity.

If the syntax is PKIX then this would be application/pkix-cert. For
PGP the content type application/pgp-keysigning probably makes sense.


Long term I would want to redo SAML with {} instead of <> and the
result would probably be something like application/json-assertion.
But that is currently at the research stage.


Yet another use for fingerprint technology is in exchanging and
displaying status of append only logs. Over the past couple of weeks I
have been looking into that and the results are very encouraging. JSON
sequences work extremely well. Much better than might have been hoped.

Let's say you go past a billboard in Times Square New York that has a
fingerprint on it. You look at your watch and you can see that it's the
same as the hash of last night's closure on the blockchain. If it is
different then you know that someone, somewhere is doing something
dishonest or they have messed up big. Important information either
way.

The fact that your watch has the same closure as everyone else is
demonstration that your entire personal digital infrastructure is in
sync with the consensus.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
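The two ideas in the post above, a fingerprint that binds the content type (and only the fields that type is meant to bind) and a closure hash over an append-only JSON sequence, as an added example that is not code from the thread or from any OpenPGP implementation. The content-type labels application/pgp-keyinfo and application/pgp-keysigning are taken from the post; the length-prefixed SHA-256 encoding, the attribute set for the keysigning type, the algorithm label and the sample key and log entries are this example's own constructed assumptions.

```python
"""Content-type-bound fingerprints and append-only log closures.

Added example, not code from the mailing-list thread. The wire encoding
(length-prefixed fields hashed with SHA-256) and the keysigning attribute
set are assumptions chosen for illustration; only the two content-type
labels come from the post.
"""
import hashlib
import hmac
import json
import struct


def _encode(*fields: bytes) -> bytes:
    """Length-prefix every field so boundaries cannot be shifted between them."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def fingerprint(content_type: str, algorithm_id: str, public_key: bytes,
                **attributes: str) -> str:
    """Hash the content type together with exactly the fields that type binds.

    Because the content type is part of the hashed data, the same key yields a
    different fingerprint for each purpose, so a keyinfo fingerprint can never
    be passed off as a keysigning fingerprint or vice versa.
    """
    fields = [content_type.encode(), algorithm_id.encode(), public_key]
    # Attributes (expiry, subject) are sorted so the encoding is canonical.
    for name in sorted(attributes):
        fields.append(name.encode())
        fields.append(attributes[name].encode())
    return hashlib.sha256(_encode(*fields)).hexdigest()


def keyinfo_fingerprint(algorithm_id: str, public_key: bytes) -> str:
    """Persistent identifier: algorithm identifier and key, nothing else."""
    return fingerprint("application/pgp-keyinfo", algorithm_id, public_key)


def keysigning_fingerprint(algorithm_id: str, public_key: bytes,
                           expires: str, subject: str) -> str:
    """Purpose-bound fingerprint: also binds an expiry date and a subject."""
    return fingerprint("application/pgp-keysigning", algorithm_id, public_key,
                       expires=expires, subject=subject)


def log_closure(entries: list) -> str:
    """Hash chain over a JSON sequence; each closure covers all earlier ones."""
    closure = hashlib.sha256(b"").digest()  # constructed genesis value
    for entry in entries:
        canonical = json.dumps(entry, sort_keys=True,
                               separators=(",", ":")).encode()
        closure = hashlib.sha256(_encode(closure, canonical)).digest()
    return closure.hex()


def closure_matches(displayed: str, entries: list) -> bool:
    """Compare a displayed closure with the one computed from local entries."""
    return hmac.compare_digest(displayed, log_closure(entries))


# Constructed sample data: a 32-byte stand-in for a public key and a tiny log.
SAMPLE_KEY = bytes(range(32))
SAMPLE_ALG = "ed25519"  # hypothetical algorithm label
SAMPLE_LOG = [
    {"seq": 1, "event": "key-published", "fp": "keyinfo"},
    {"seq": 2, "event": "signature", "fp": "keysigning"},
]


if __name__ == "__main__":
    print("keyinfo    ", keyinfo_fingerprint(SAMPLE_ALG, SAMPLE_KEY))
    print("keysigning ", keysigning_fingerprint(SAMPLE_ALG, SAMPLE_KEY,
                                                "2016-04-28", "alice"))
    billboard = log_closure(SAMPLE_LOG)
    print("closure ok ", closure_matches(billboard, SAMPLE_LOG))
    print("tampered   ", closure_matches(billboard, SAMPLE_LOG[:1]))
```

The keyinfo fingerprint takes no name or email at all, which is what makes it stable across the holder's changes the post mentions; the keysigning variant changes as soon as the expiry or subject does. A constant-time comparison is used for the closure check so a mismatch does not leak where the two digests first differ.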
