Werner Koch <wk(_at_)gnupg(_dot_)org> writes:
I think we need to step back again and keep in mind that the (human)
authenticaton fingerprint may (should?) be different from the (internal
or external) database identifer string.
Okay. But the new scheme should allow to derive the human
authentication fingerprint from the internal fingerprint w/o the need
for additional input.
Well, this then begs the question of whether this internal fingerprint
may include additional information or if it's purely on the actual key
material. I've lost the mental context for the argument that the
identifier should be on the actual public key and not the "key
certificate".
Provided that the fingerprint is over the "public key certificate"
(i.e., public key parameters plus some additional data such as creation
and expiration times) I have no objection to the "human authentication
fingerprint" being derived from that.
Shalom-Salam,
Werner
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp