On Apr 7, 2016, at 12:15 PM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
This is tricky: a further related question is how OpenPGP
implementations decide what “kind” of fingerprint to produce, or
That is easy: a v4 key creates a v4 fingerprint (SHA-1) and for the new
fingerprint we will requires a v5 key format. We have a lot of
experience with that given that v3 keys used yet another fingerprint
Sounds reasonable; I didn’t know that was the precedent for PGP but given so it
makes sense to stick to it.
And I’m coming around to agreeing with the KISS position that fingerprints
should deterministically depend only on the raw key material.
But I’m still interested in hearing any discussion of the idea of designing the
new fingerprint function so that users can (optionally) get some
fingerprint-mining protection, as proposed in my other E-mail.
Thanks
Bryan
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp