Re: including the entire fingerprint of the issuer in an OpenPGP certification
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 18 January 2011 22:18 UTC
Message-ID: <4D3611C1.5050706@fifthhorseman.net>
Date: Tue, 18 Jan 2011 17:18:41 -0500
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Reply-To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
References: <E1Pf1WI-0007aL-EN@login01.fos.auckland.ac.nz> <CFCF61BD-9281-4F09-AD31-C5AAC38315FE@callas.org> <4D354A08.1010206@iang.org> <87lj2isgm8.fsf@vigenere.g10code.de> <58216C60-3DFD-4312-B514-19243ED4220A@callas.org> <4D36010A.30205@fifthhorseman.net> <E8F060EE-48E5-4F92-8285-B5897A8F4950@jabberwocky.com>
In-Reply-To: <E8F060EE-48E5-4F92-8285-B5897A8F4950@jabberwocky.com>
On 01/18/2011 05:05 PM, David Shaw wrote:
> I don't think we want people using other than the consensus fingerprint
> algorithms and methods. I suggest we make the first byte a version field,
> which can be set to '4' today for the current fingerprint, '5' for v5 keys,
> etc.

Are we talking about versioning the fingerprint scheme, or versioning the key? It sounds like a versioned fingerprint scheme, not a versioned key scheme to me.

If we say '4' means the fingerprinting standard in RFC 4880 (OpenPGPv4) and '5' means some other fingerprint scheme then we're effectively creating a new registry to be managed by IANA, right? I have no objection to that (and presumably it would be an exceptionally slow-growing registry) but it'd be good to be clear about what we're doing.

I'd just as soon name the notation issuer-fpr4@whatever.example for the current fingerprint and then name a new notation issuer-fpr5@whatever.example when that happens, reusing the existing notation registry. (or, if this works and we want IANA to allocate a "global" notation title, just ask for "issuer-fpr4" now, and "issuer-fpr5" later)

This is all fiddly syntax choices, of course, without much importance, other than avoiding (current and future) bureaucratic overhead.

> I suppose we could skip that field and detect version based on size,
> but why use heuristics when we can know for sure with a version byte?

We could also be sure if the name of the notation is precise enough.

--dkg
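The two shapes being debated above, as an added example that is not part of the thread and not code from any OpenPGP implementation: a Notation Data signature subpacket (RFC 4880 §5.2.3.16) carrying the issuer fingerprint either with a leading version octet in the value (David Shaw's suggestion) or with a version-specific notation name (dkg's issuer-fpr4@whatever.example / issuer-fpr5@whatever.example). The name `issuer-fpr@whatever.example` for the version-octet form, the sample fingerprints, and the v5 fingerprint length of 32 octets are assumptions for the example; nothing here is a registered notation. The parser accepts both shapes but rejects a value whose length does not match the claimed version, so neither shape has to fall back on size heuristics.

```python
"""Encode/decode an OpenPGP Notation Data subpacket holding an issuer fingerprint.
Added example; names and sample values are constructed, not registered."""
import struct

NOTATION_DATA = 20  # signature subpacket type for Notation Data (RFC 4880 5.2.3.16)

# Constructed sample fingerprints (not derived from real keys):
# v4 fingerprints are 20 octets (SHA-1); 32 octets is assumed here for v5.
SAMPLE_V4_FPR = bytes(range(0x10, 0x10 + 20))
SAMPLE_V5_FPR = bytes(range(0xA0, 0xA0 + 32))
FPR_LEN_BY_VERSION = {4: 20, 5: 32}

VERSIONED_NAME = "issuer-fpr@whatever.example"        # assumed name, version-octet shape
NAME_BY_VERSION = {4: "issuer-fpr4@whatever.example",  # dkg's proposed names, named shape
                   5: "issuer-fpr5@whatever.example"}


def _subpacket_len(n):
    """Subpacket length encoding (RFC 4880 5.2.3.1): 1, 2 or 5 octets."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def _read_subpacket_len(buf, off):
    """Inverse of _subpacket_len; returns (length, offset of the type octet)."""
    first = buf[off]
    if first < 192:
        return first, off + 1
    if first < 255:
        return ((first - 192) << 8) + buf[off + 1] + 192, off + 2
    return struct.unpack(">I", buf[off + 1:off + 5])[0], off + 5


def encode_notation(name, value, flags=0):
    """Body: 4 octets flags, 2 octets name length, 2 octets value length, name, value.
    A binary fingerprint is not human-readable, so flags stays 0."""
    name_b = name.encode("utf-8")
    body = struct.pack(">IHH", flags, len(name_b), len(value)) + name_b + value
    return _subpacket_len(1 + len(body)) + bytes([NOTATION_DATA]) + body


def decode_notation(pkt):
    """Parse one Notation Data subpacket; returns (name, value)."""
    length, off = _read_subpacket_len(pkt, 0)
    if pkt[off] != NOTATION_DATA:
        raise ValueError("not a Notation Data subpacket")
    flags, nlen, vlen = struct.unpack(">IHH", pkt[off + 1:off + 9])
    if length != 9 + nlen + vlen or len(pkt) < off + length:
        raise ValueError("notation lengths are inconsistent with subpacket length")
    name = pkt[off + 9:off + 9 + nlen].decode("utf-8")
    value = pkt[off + 9 + nlen:off + 9 + nlen + vlen]
    return name, value


def encode_issuer_fpr_version_byte(version, fpr):
    """Shape (a): one notation name, value = version octet || fingerprint."""
    return encode_notation(VERSIONED_NAME, bytes([version]) + fpr)


def encode_issuer_fpr_named(version, fpr):
    """Shape (b): the version lives in the notation name, value = fingerprint."""
    return encode_notation(NAME_BY_VERSION[version], fpr)


def parse_issuer_fpr(pkt):
    """Return (version, fingerprint) for either shape.
    The fingerprint length must match the version, so a truncated or mislabelled
    value is rejected instead of being guessed at from its size."""
    name, value = decode_notation(pkt)
    if name == VERSIONED_NAME:
        version, fpr = value[0], value[1:]
    else:
        matches = [v for v, n in NAME_BY_VERSION.items() if n == name]
        if not matches:
            raise ValueError("unknown issuer-fingerprint notation %r" % name)
        version, fpr = matches[0], value
    expected = FPR_LEN_BY_VERSION.get(version)
    if expected is None or len(fpr) != expected:
        raise ValueError("fingerprint length %d does not fit version %d" % (len(fpr), version))
    return version, fpr


def issuer_matches(pkt, verifying_key_fpr):
    """The check a verifier should make: the notation is only a lookup hint, so it
    must agree with the fingerprint of the key that actually verified the signature."""
    return parse_issuer_fpr(pkt)[1] == verifying_key_fpr
```

Whichever shape is chosen, the notation only tells a verifier which key to fetch; `issuer_matches` is the step that ties it to the key whose signature check actually succeeded. For the record, the version-octet layout is the one that later landed in RFC 9580 as the dedicated Issuer Fingerprint subpacket (type 33).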