ietf-openpgp

Re: [openpgp] New fingerprint: to v5 or not to v5

2015-10-03 20:50:25
On Thu, Oct 1, 2015 at 6:39 PM, Watson Ladd <watsonbladd(_at_)gmail(_dot_)com> wrote:

> On Wed, Sep 30, 2015 at 2:00 AM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
>> On Tue, 29 Sep 2015 20:40, dkg(_at_)fifthhorseman(_dot_)net said:
>>
>>> v4 key and wrap it in a v5 packet, thereby producing a "new key" that's
>>> actually the "same key".  So claiming that key material can only be used
>>> as *either* v4 or v5 wouldn't quite be correct.
>>
>> FWIW: I was thinking about this but that is not limited to OpenPGP.  I
>> can use the same key material for an OpenPGP key, an X.509 key, and an
>> SSH key.  This is actually sometimes useful if you have a single key on
>> a smartcard.
>
> Have you conducted a proper cross-protocol analysis of what data each
> key type is used to sign showing that this interaction doesn't lead to
> bad things happening?


Yes, hence the reason for my UDF design which salts the hash with the MIME
content type of the data being hashed. Thus one fingerprint format can be
used for an S/MIME key or an OpenPGP key or an SSH key.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
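
The content-type salting described in the reply above, as an added example that is not part of the original post and is not the UDF specification's own code: a simplified sketch in which the MIME content type is hashed together with a digest of the key bytes, so one fingerprint format yields a distinct value per key type. The function names, the SHA-512 and 15-byte truncation choices, the sample key bytes, and the `application/x-ssh-key` type string are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample bytes standing in for one public key reused across protocols.
SAMPLE_KEY = bytes.fromhex("04") + bytes(range(64))

# Content types used as the salt. The first two are registered MIME types;
# the SSH one is a hypothetical label chosen for this example.
KEY_TYPES = ["application/pgp-keys", "application/pkix-cert", "application/x-ssh-key"]


def _encode(digest: bytes, nbytes: int) -> str:
    """Truncate a digest and render it as Base32 in dash-separated 4-char groups."""
    text = base64.b32encode(digest[:nbytes]).decode("ascii").rstrip("=")
    return "-".join(text[i:i + 4] for i in range(0, len(text), 4))


def typed_fingerprint(content_type: str, data: bytes, nbytes: int = 15) -> str:
    """Fingerprint = H(content_type ":" H(data)), truncated and Base32-encoded."""
    if ":" in content_type:
        raise ValueError("content type must not contain the ':' delimiter")
    # MIME type names are case-insensitive, so normalise before hashing.
    salt = content_type.lower().encode("ascii")
    inner = hashlib.sha512(data).digest()  # fixed length keeps the framing unambiguous
    return _encode(hashlib.sha512(salt + b":" + inner).digest(), nbytes)


def untyped_fingerprint(data: bytes, nbytes: int = 15) -> str:
    """Same encoding without the salt: identical for every key type."""
    return _encode(hashlib.sha512(data).digest(), nbytes)


def matches(expected: str, content_type: str, data: bytes) -> bool:
    """Check a fingerprint against key bytes presented under a given content type."""
    return hmac.compare_digest(expected, typed_fingerprint(content_type, data))


if __name__ == "__main__":
    print("untyped:", untyped_fingerprint(SAMPLE_KEY))
    for ctype in KEY_TYPES:
        print(f"{ctype:24s}", typed_fingerprint(ctype, SAMPLE_KEY))
    pgp_fp = typed_fingerprint("application/pgp-keys", SAMPLE_KEY)
    # The same key bytes presented as an X.509 certificate do not match.
    print("accepted as X.509:", matches(pgp_fp, "application/pkix-cert", SAMPLE_KEY))
```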