[Top] [All Lists]

Re: [openpgp] New fingerprint: to v5 or not to v5

2015-10-05 06:36:11
On Mon,  5 Oct 2015 12:27, pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz 

... which is a major pain because the value used to ID the key changes with
any tiny change in the metadata surrounding it, so you can no longer identify
the key that was used to sign something.  The timestamp is the real killer,
since non-PGP key formats don't record this and there's no explicit storage of

The only variable thing is the timestamp with the creation date.
Everything else is fixed and depends only on the key material.

I very well know the pain with the creation date which for example
forces the OpenPGP card to have a creation date DO in addition to the
fingerprint and in some other cases you need to guess/try the creation
date to make a fingerprint form the raw key material.

Is your request to leave the timestamp out of a v5 fingerprint

That would make some things easier but raises the issue that the owner
of the key can change the creation date and only the then broken key
signatures and the history of self-signatures would reflect this.

If the keyring format is redefined for the PGPng, I'd really like to see the

That is out of scope for the current work.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

openpgp mailing list