On Thu, 7 Apr 2016 13:02, pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz
said:
fact the locatability, because the search key is no longer just a hash of the
public key but a hash of the public key and some other metadata that you may
or may not have.
In other words: With the current fingerprint scheme it is not possible
to find the fingerprint for given public key parameters. For example
this inhibits the use of arbitrary smartcards because there is no way to
get the fingerprint form the smartcard data. To help with that we had
to add creation timestamp fields to the OpenPGP smartcard specs. For
other smartcards special hacks are required.
Some expressed concerns about cross-protocol attacks w/o an OpenPGP
specific fingerprint. This could be fixed by including a few _constant_
magic bytes into the OpenPGP fingerprint computation. Similar to the
yesterday proposed signature prefix to distinguish OpenPGP signatures
from signatures uses by other protocols.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp