Re: including the entire fingerprint of the issuer in an OpenPGP certification

David Shaw <dshaw@jabberwocky.com> Tue, 18 January 2011 03:23 UTC

Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0I3N1Al012325 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jan 2011 20:23:01 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0I3N16D012324; Mon, 17 Jan 2011 20:23:01 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from walrus.jabberwocky.com (walrus.jabberwocky.com [173.9.29.57]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0I3N00N012319 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-openpgp@imc.org>; Mon, 17 Jan 2011 20:23:01 -0700 (MST) (envelope-from dshaw@jabberwocky.com)
Received: from grover.home.jabberwocky.com (grover.home.jabberwocky.com [172.24.84.28]) (authenticated bits=0) by walrus.jabberwocky.com (8.14.4/8.14.4) with ESMTP id p0I3MvV1011930 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 17 Jan 2011 22:22:58 -0500
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset=us-ascii
From: David Shaw <dshaw@jabberwocky.com>
In-Reply-To: <4D34F133.3000807@fifthhorseman.net>
Date: Mon, 17 Jan 2011 22:22:57 -0500
Cc: notmuch <notmuch@notmuchmail.org>
Message-Id: <2885367E-D215-4BE7-983D-C82C55C64B0F@jabberwocky.com>
References: <4D34F133.3000807@fifthhorseman.net>
To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.1082)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hoffman.proper.com id p0I3N10M012320
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Jan 17, 2011, at 8:47 PM, Daniel Kahn Gillmor wrote:

> Would there be any objection to a new subpacket type for OpenPGPv4 that
> would include the remaining 96 bits of the issuer's fingerprint?  (the
> "high 96" proposal)
> 
> Alternately, what about a new subpacket type that simply includes the
> entire 160 bits of the issuer's fingerprint?   (the "full fingerprint"
> proposal)

I like this idea.  I would do it as "full fingerprint" myself.  The difference in storage between 160 bits and 96 bits is all of 8 bytes.  I think the simplicity of being able to say the whole fingerprint is in there is worth a measly 8 bytes.

Do we necessarily need a new subpacket type for this?  It could pretty easily be a notation.

David