On Tue, 12 Apr 2016 16:38, derek(_at_)ihtfp(_dot_)com said:
I would argue that (b) is more important than (a). Your use-case (a)
sounds more like a DB Handle, so arguably it should be elided because
(a) is required to lookup a key for a signature. Sure this could also
be done using mail address included in the signature. But a fingerprint
can work even if a mail provider re-assigns a mail address (assuming the
mail provider uses OpenPGP DANE or PKA).
Right now a signature includes only a keyid but for rfc4880bis we will
add a new subpacket for the fingerprint.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp