[Top] [All Lists]

Re: [openpgp] New fingerprint: to v5 or not to v5

2015-10-01 17:39:20
On Wed, Sep 30, 2015 at 2:00 AM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
On Tue, 29 Sep 2015 20:40, dkg(_at_)fifthhorseman(_dot_)net said:

v4 key and wrap it in a v5 packet, thereby producing a "new key" that's
actually the "same key".  So claiming that key material can only be used
as *either* v4 or v5 wouldn't quite be correct.

FWIW: I was thinking about this but that is not limited to OpenPGP.  I
can use the same key material for an OpenPGP key, an X.509 key, and an
SSH key.  This is actually sometimes useful if you have a single key on
a smartcard.

Have you conducted a proper cross-protocol analysis of what data each
key type is used to sign showing that this interaction doesn't lead to
bad things happening?



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

openpgp mailing list

"Man is born free, but everywhere he is in chains".

openpgp mailing list