Werner,
On Tue, April 12, 2016 1:18 pm, Werner Koch wrote:
On Tue, 12 Apr 2016 16:38, derek(_at_)ihtfp(_dot_)com said:
I would argue that (b) is more important than (a). Your use-case (a)
sounds more like a DB Handle, so arguably it should be elided because
(a) is required to lookup a key for a signature. Sure this could also
be done using mail address included in the signature. But a fingerprint
can work even if a mail provider re-assigns a mail address (assuming the
mail provider uses OpenPGP DANE or PKA).
Right now a signature includes only a keyid but for rfc4880bis we will
add a new subpacket for the fingerprint.
This would fall under an "internal DB Identifier." DKG called that out of
scope for this discussion topic.
There is no human in the loop here. That means it does not need to be
"the same" as the user-visible "fingerprint".
Shalom-Salam,
Werner
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp