Daniel Kahn Gillmor <dkg(_at_)fifthhorseman(_dot_)net> writes:
On Tue 2016-04-12 04:34:09 -0400, Vincent Breitmoser wrote:
Daniel Kahn Gillmor(dkg(_at_)fifthhorseman(_dot_)net)@Mon, Apr 11, 2016 at
08:40:22PM -0400:
* it should be cheap to compute from a given key -- you shouldn't need
a gig of RAM or a minute of CPU to calculate the fingerprints of any
key.
Strictly speaking, we can be slightly less restrictive: It must be
cheap to verify, given a fingerprint, that it's the correct one for a
key. This distinction does not make a difference unless we store the
fingerprints as part of the data format (which we probably shouldn't),
so this is more of an academic point.
Right, i don't think we should store the fingerprint as part of the data
format, so we still need to be able to rapidly generate it, not just
verify it.
Nothing stops an implementation from storing the computed fingerprint
alongside the key/certificate. Indeed, I would encourage
implementations to do just that for speed, especially with extremely
large keyrings.
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp