On Thu, 23 Mar 2017 15:00, tony(_at_)att(_dot_)com said:
I’m with Jon on this one – if you’re going to do truncation, then use
a scheme that’s DESIGNED to generate a truncated value. And the only
one that’s been discussed that meets that criteria is SHA2-512/t.
OpenPGP has always used a truncated hash for the keyid. The change is
that with v5 we will use use the leftmost 64 bits instead of the
rightmost 64 bit.
I explained in the original proposal the reasons why truncating certain
uses of the fingerprint makes sense.
Jon's suggestion of using SHA2-512/t does not work: if we ever need to
switch to the full fingerprint for the two signature subpackets, we
would need to define a v6 key format because the fingerprint changes by
using a different t with SHA2-512/t.
What we put into the signature subpackets is an abbreviation of the
fingerprint and this can be changed easily by introducing new signature
subpackets. This would be the same as our migration from the /Issuer/
to the /Issuer Fingerprint/ subpacket. This is an non-intrusive change
to fix the problems with the use of the 64 bit truncated fingerprint in
the /Issuer/ subpacket.
But I also find Derek’s desire to use SHA2-256 to be compelling because of
performance.
Noted.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgp8ebg13HU2w.pgp
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp