Hi,
Thank you for your writeup....
Daniel Kahn Gillmor <dkg(_at_)fifthhorseman(_dot_)net> writes:
[snip]
I tend to agree with the discussion elsewhere in this thread that
"internal database ID" is *not* the defining use case for the
fingerprint, so i'm not including it here.
I think there are only two use cases:
a) looking up a particular OpenPGP key in some remote database like a
public keyserver
b) confirming that a particular key matches some out-of-band
communication
I would argue that (b) is more important than (a). Your use-case (a)
sounds more like a DB Handle, so arguably it should be elided because
you've scoped your specification saying that "internal database ID is
not the defining use case". Or are you saying that we have both an
internal database ID and an external database ID?
Beyond that, I agree with the rest of what you said.
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp