ietf-openpgp
[Top] [All Lists]

[openpgp] Issuer Fingerprint

2016-06-13 05:11:51
Hi!

It is a long time problem in OpenPGP that signatures have no way to
unambiguously specify the key used to create the signature.  The specs
suggest the use of the Issuer subpacket to convey the long keyid of the
issuing key.  However, it is possible to create colliding 64 bit keyids
and thus it is possible that a user downloads the wrong key for a
signature; this will yield a bad signature status and the user has no
easy means to decide whether this is is really a bad signature, or due
to the use of a colliding public key. 

This can easily be solved by including the full fingerprint of the key
in the signature.  Introducing such a feature can be made orthogonal to
a new fingerprint format.  I propose this change:

--8<---------------cut here---------------start------------->8---
@@ -1055,6 +1055,7 @@ #### {5.2.3.1} Signature Subpacket Specification
           30   Features
           31   Signature Target
           32   Embedded Signature
+          33   Issuer Fingerprint
   100 to 110   Private or experimental

 An implementation SHOULD ignore any subpacket of a type that it does
@@ -1615,6 +1616,16 @@ #### {5.2.3.26} Embedded Signature
 in Section 5.2 above.  It is useful when one signature needs to refer
 to, or be incorporated in, another signature.

+#### Issuer Fingerprint
+
+(1 octet key version number, N octets of fingerprint)
+
+The OpenPGP Key fingerprint of the key issuing the signature.  The
+only possible key version number is 4 and thus N must be 20.  This
+subpacket is intended to eventually replace the issuer subpacket which
+does not not unambiguously specify the key.  It SHOULD be part of all
+signatures.
+
 ### {5.2.4} Computing Signatures

 All signatures are formed by producing a hash over the signature data,
--8<---------------cut here---------------end--------------->8---



Shalom-Salam,

   Werner


--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
    /* EFH in Erkrath: https://alt-hochdahl.de/haus */

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>