Paul Wouters <paul(_at_)nohats(_dot_)ca> writes:
We are happy to accept such proposed text, please send it to the list :)
Well, if I write it people may be less happy with the text :-). OK, how
about, after the paragraph "Note that it is possible for there to be
collisions of Key IDs", add:
-- Snip --
There are no cryptographic issues introduced by this since the fingerprint is
merely a fixed-length opaque value used to identify the variable-length
structured data that makes up a public key. In particular the move to SHA-256
for V5 fingerprints was made not to address any cryptographic vulnerability
but to avoid the perception that something insecure might be happening due to
the use of SHA-1.
-- Snip --
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp