On Tue, 12 Apr 2016 19:44, derek(_at_)ihtfp(_dot_)com said:
This would fall under an "internal DB Identifier." DKG called that out of
scope for this discussion topic.
It is not "internal" because it is part of the OpenPGP protocol
(Signature Packet) and thus visible by all who are verifying a
signature.
I define "internal" as a property of the implementation - maybe this is
the misunderstanding.
There is no human in the loop here. That means it does not need to be
"the same" as the user-visible "fingerprint".
Need not, right. But adding yet another identifier to a key only leads
to more confusion and more complex error handling. I do not expect that
you want OpenPGP to repeat the error made by X.509.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp