Re: [openpgp] Issuer Fingerprint (issue#3)
Werner Koch <wk@gnupg.org> Mon, 24 October 2016 17:03 UTC
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 083C4129444 for <openpgp@ietfa.amsl.com>; Mon, 24 Oct 2016 10:03:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DvuZn1diC7zF for <openpgp@ietfa.amsl.com>; Mon, 24 Oct 2016 10:03:31 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32C1612986B for <openpgp@ietf.org>; Mon, 24 Oct 2016 10:03:24 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.84_2 #1 (Debian)) id 1byieg-00065H-2l for <openpgp@ietf.org>; Mon, 24 Oct 2016 19:03:22 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1byiX0-0001eW-LV; Mon, 24 Oct 2016 18:55:26 +0200
From: Werner Koch <wk@gnupg.org>
To: openpgp@ietf.org
References: <87mvmp5rmi.fsf@wheatstone.g10code.de> <87y46720pc.fsf@alice.fifthhorseman.net> <87r3bztzxi.fsf@wheatstone.g10code.de>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: openpgp@ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 24 Oct 2016 18:55:21 +0200
In-Reply-To: <87r3bztzxi.fsf@wheatstone.g10code.de> (Werner Koch's message of "Tue, 14 Jun 2016 19:58:49 +0200")
Message-ID: <87lgxdelfq.fsf_-_@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Israel_tempest_radar_Firewalls_corporate_security_Abbas_Baranyi_pass"; micalg="pgp-sha1"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/-Dpc6bg8XLRfBSopCaLW8-o8bLE>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] Issuer Fingerprint (issue#3)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2016 17:03:36 -0000
Hi! I have seen no more comments on the second version of an Issuer Fingerprint signature sub packet. Thus unless I hear a strong opinion against it by Thursday, I will push that to the repo so that it gets included in the next draft version. For convenience I copy the diff below. Salam-Shalom, Werner [https://gitlab.com/openpgp-wg/rfc4880bis/issues/3] --8<---------------cut here---------------start------------->8--- @@ -1055,6 +1055,7 @@ #### {5.2.3.1} Signature Subpacket Specification 30 Features 31 Signature Target 32 Embedded Signature + 33 Issuer Fingerprint 100 to 110 Private or experimental An implementation SHOULD ignore any subpacket of a type that it does @@ -1155,7 +1156,9 @@ #### {5.2.3.5} Issuer (8-octet Key ID) -The OpenPGP Key ID of the key issuing the signature. +The OpenPGP Key ID of the key issuing the signature. If the version +of that key is greater than 4, this subpacket MUST NOT be included in +the signature. #### {5.2.3.6} Key Expiration Time @@ -1615,6 +1618,19 @@ #### {5.2.3.26} Embedded Signature in Section 5.2 above. It is useful when one signature needs to refer to, or be incorporated in, another signature. +#### Issuer Fingerprint + +(1 octet key version number, N octets of fingerprint) + +The OpenPGP Key fingerprint of the key issuing the signature. This +subpacket SHOULD be included in all signatures. If the version of the +issuing key is 4 and an Issuer subpacket is also included in the +signature, the key ID of the Issuer subpacket MUST match the low +64 bits of the fingerprint. + +Note that the length N of the fingerprint for a version 4 key is 20 +octets. + ### {5.2.4} Computing Signatures All signatures are formed by producing a hash over the signature data, --8<---------------cut here---------------end--------------->8--- -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
- Re: [openpgp] Issuer Fingerprint Werner Koch
- Re: [openpgp] Issuer Fingerprint Werner Koch
- Re: [openpgp] Issuer Fingerprint Peter Gutmann
- Re: [openpgp] Issuer Fingerprint Werner Koch
- Re: [openpgp] Issuer Fingerprint Werner Koch
- Re: [openpgp] Issuer Fingerprint Daniel Kahn Gillmor
- Re: [openpgp] Issuer Fingerprint Werner Koch
- Re: [openpgp] Issuer Fingerprint Joseph Lorenzo Hall
- Re: [openpgp] Issuer Fingerprint Werner Koch
- Re: [openpgp] Issuer Fingerprint Vincent Breitmoser
- [openpgp] Issuer Fingerprint Werner Koch
- Re: [openpgp] Issuer Fingerprint (issue#3) Werner Koch
- Re: [openpgp] Issuer Fingerprint (issue#3) Werner Koch