ietf-openpgp
[Top] [All Lists]

Re: [openpgp] New fingerprint: to v5 or not to v5

2015-10-01 17:39:20
On Wed, Sep 30, 2015 at 2:00 AM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
On Tue, 29 Sep 2015 20:40, dkg(_at_)fifthhorseman(_dot_)net said:

v4 key and wrap it in a v5 packet, thereby producing a "new key" that's
actually the "same key".  So claiming that key material can only be used
as *either* v4 or v5 wouldn't quite be correct.

FWIW: I was thinking about this but that is not limited to OpenPGP.  I
can use the same key material for an OpenPGP key, an X.509 key, and an
SSH key.  This is actually sometimes useful if you have a single key on
a smartcard.

Have you conducted a proper cross-protocol analysis of what data each
key type is used to sign showing that this interaction doesn't lead to
bad things happening?



Salam-Shalom,

   Werner


--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp