ietf-openpgp

Re: [openpgp] Issuer Fingerprint

2016-06-14 11:29:45
Hi there--

On Mon 2016-06-13 06:07:33 -0400, Werner Koch wrote:
--8<---------------cut here---------------start------------->8---
@@ -1055,6 +1055,7 @@ #### {5.2.3.1} Signature Subpacket Specification
           30   Features
           31   Signature Target
           32   Embedded Signature
+          33   Issuer Fingerprint
   100 to 110   Private or experimental

 An implementation SHOULD ignore any subpacket of a type that it does
@@ -1615,6 +1616,16 @@ #### {5.2.3.26} Embedded Signature
 in Section 5.2 above.  It is useful when one signature needs to refer
 to, or be incorporated in, another signature.

+#### Issuer Fingerprint
+
+(1 octet key version number, N octets of fingerprint)
+
+The OpenPGP Key fingerprint of the key issuing the signature.  The
+only possible key version number is 4 and thus N must be 20.  This
+subpacket is intended to eventually replace the issuer subpacket which
+does not not unambiguously specify the key.  It SHOULD be part of all
+signatures.
+
 ### {5.2.4} Computing Signatures

 All signatures are formed by producing a hash over the signature data,
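Review bot: In the added Issuer Fingerprint paragraph, "does not not unambiguously specify the key" has a doubled "not" and should read "does not unambiguously specify the key". The new heading "#### Issuer Fingerprint" also lacks the braced section tag that the neighbouring headings carry (for example "{5.2.3.26}"). "N must be 20" uses a lowercase "must" next to the uppercase "SHOULD", so it is unclear whether the length is normative, and the text does not say what a receiver should do with a version octet other than 4.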
--8<---------------cut here---------------end--------------->8---

I like this proposal.  I wonder if there should be some text about its
interaction with the Issuer subpacket beyond "is intended to eventually
replace"?  Something like "If an Issuer subpacket is included in the
same packet as an Issuer Fingerprint subpacket, the Issuer Fingerprint
subpacket MUST be version 4, and the Issuer subpacket MUST be the low 64
bits of the fingerprint.  If the Issuer Fingerprint subpacket version is
greater than 4, there MUST NOT be an Issuer subpacket included in the
same packet."

     --dkg
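The consistency rule suggested in the message above, as a check a verifier could run over one signature subpacket area. This is an added example, not code from the thread or from any OpenPGP implementation; the function names and sample bytes are constructed, type 33 is the number proposed in the quoted patch, and the caller is assumed to pass a single subpacket area.

```python
import struct

ISSUER = 16              # Issuer subpacket: 8-octet key ID (RFC 4880)
ISSUER_FINGERPRINT = 33  # type number proposed in the patch quoted above

def parse_subpackets(area: bytes):
    """Return [(type, body), ...] for one signature subpacket area."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("empty or truncated subpacket")
        out.append((area[i] & 0x7F, area[i + 1:i + length]))  # drop critical bit
        i += length
    return out

def check_issuer_consistency(area: bytes) -> list:
    """Return violations of the suggested rule; an empty list means consistent."""
    subs = parse_subpackets(area)
    key_ids = [body for t, body in subs if t == ISSUER]
    problems = []
    for body in (b for t, b in subs if t == ISSUER_FINGERPRINT):
        if not body:
            problems.append("Issuer Fingerprint has no version octet")
            continue
        version, fingerprint = body[0], body[1:]
        if version == 4 and len(fingerprint) != 20:
            problems.append("version 4 fingerprint is not 20 octets")
        for key_id in key_ids:
            if version != 4:
                problems.append("Issuer present but fingerprint version is not 4")
            elif key_id != fingerprint[-8:]:
                problems.append("Issuer is not the low 64 bits of the fingerprint")
    return problems

def subpacket(sp_type: int, body: bytes) -> bytes:
    """Build a subpacket with a one-octet length (constructed test input)."""
    return bytes([len(body) + 1, sp_type]) + body

FPR = bytes(range(1, 21))  # constructed 20-octet fingerprint, not a real key
GOOD = subpacket(33, b"\x04" + FPR) + subpacket(16, FPR[-8:])
BAD = subpacket(33, b"\x04" + FPR) + subpacket(16, bytes(8))
```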
