ietf-openpgp

Re: [openpgp] Fingerprint requirements for OpenPGP

2016-04-13 09:28:06
Werner,

Werner Koch <wk(_at_)gnupg(_dot_)org> writes:

> On Tue, 12 Apr 2016 19:44, derek(_at_)ihtfp(_dot_)com said:
>
>> This would fall under an "internal DB Identifier."  DKG called that out of
>> scope for this discussion topic.
>
> It is not "internal" because it is part of the OpenPGP protocol
> (Signature Packet) and thus visible by all who are verifying a
> signature.
>
> I define "internal" as a property of the implementation - maybe this is
> the misunderstanding.

Probably.  To me the key part of "internal" means "a human never sees
it".  I'm considering "internal" to be "in the data formats", which can
be used between implementations and not just within a single
implementation.

>> There is no human in the loop here.  That means it does not need to be
>> "the same" as the user-visible "fingerprint".
>
> Need not, right.  But adding yet another identifier to a key only leads
> to more confusion and more complex error handling.  I do not expect that
> you want OpenPGP to repeat the error made by X.509.

We already, to some degree, have that issue.  There's the keyID and
there's the fingerprint.  They are different (although with v4 one is
derived from the other).

I think we need to step back again and keep in mind that the (human)
authentication fingerprint may (should?) be different from the (internal
or external) database identifier string.

> Salam-Shalom,
>
>    Werner

-derek

-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
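The v4 relationship between key ID and fingerprint mentioned in the message above, and the key ID's role as an identifier carried in the Signature Packet, shown as an added example that is not part of the original message. It follows RFC 4880 section 12.2 and the Issuer subpacket (type 16); the key material, the keyring dictionary and the helper names are constructed for illustration.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Public-Key packet body: version 4, creation time, algorithm 1 (RSA), MPIs n and e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> bytes:
    """v4 fingerprint: SHA-1 over 0x99, 2-byte body length, then the packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def v4_key_id(fpr: bytes) -> bytes:
    """The v4 key ID is the low-order 64 bits of the fingerprint."""
    return fpr[-8:]

def issuer_subpacket(key_id: bytes) -> bytes:
    """Signature subpacket type 16 (Issuer): length octet, type octet, 8-byte key ID."""
    return bytes([1 + len(key_id), 16]) + key_id

def candidates(keyring: dict, subpacket: bytes) -> list:
    """Use the key ID from a signature as a lookup hint only: return every
    fingerprint whose low 64 bits match. The caller must still verify the
    signature against each candidate key."""
    if len(subpacket) != 10 or subpacket[0] != 9 or subpacket[1] != 16:
        raise ValueError("not an Issuer subpacket")
    wanted = subpacket[2:]
    return [fpr for fpr in keyring if v4_key_id(fpr) == wanted]

# Constructed sample keys (toy-sized modulus, not real keys). They differ only
# in creation time, which is hashed, so their fingerprints differ too.
KEY_A = v4_rsa_key_body(1460539686, 0xC0FFEE1234567891, 65537)
KEY_B = v4_rsa_key_body(1460539687, 0xC0FFEE1234567891, 65537)
FPR_A, FPR_B = v4_fingerprint(KEY_A), v4_fingerprint(KEY_B)
KEYRING = {FPR_A: KEY_A, FPR_B: KEY_B}  # hypothetical keyring indexed by fingerprint

if __name__ == "__main__":
    sub = issuer_subpacket(v4_key_id(FPR_A))
    print("fingerprint:", FPR_A.hex().upper())
    print("key ID     :", v4_key_id(FPR_A).hex().upper())
    print("candidates :", [f.hex().upper() for f in candidates(KEYRING, sub)])
```

Because `candidates` returns a list, a key ID that matches more than one stored key is handled as a lookup ambiguity rather than as an authentication result.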
