IETF Logo Mail Archive

Re: [openpgp] Issuer Fingerprint

Werner Koch <wk@gnupg.org> Tue, 14 June 2016 18:01 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA7C712D883 for <openpgp@ietfa.amsl.com>; Tue, 14 Jun 2016 11:01:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VyitMb0Twb1c for <openpgp@ietfa.amsl.com>; Tue, 14 Jun 2016 11:01:38 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 598BE12D866 for <openpgp@ietf.org>; Tue, 14 Jun 2016 11:01:38 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1bCsee-0000Jm-OB for <openpgp@ietf.org>; Tue, 14 Jun 2016 20:01:36 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1bCsbx-00058q-9P; Tue, 14 Jun 2016 19:58:49 +0200
From: Werner Koch <wk@gnupg.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <87mvmp5rmi.fsf@wheatstone.g10code.de> <87y46720pc.fsf@alice.fifthhorseman.net>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, openpgp@ietf.org
Date: Tue, 14 Jun 2016 19:58:49 +0200
In-Reply-To: <87y46720pc.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Tue, 14 Jun 2016 12:29:35 -0400")
Message-ID: <87r3bztzxi.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/5Q_SzEJOmN0UDOSkN03Jz6xo7mE>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Issuer Fingerprint
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2016 18:01:40 -0000

Hi,

here is another try with dkg's suggestions:

--8<---------------cut here---------------start------------->8---
@@ -1055,6 +1055,7 @@ #### {5.2.3.1} Signature Subpacket Specification
           30   Features
           31   Signature Target
           32   Embedded Signature
+          33   Issuer Fingerprint
   100 to 110   Private or experimental
 
 An implementation SHOULD ignore any subpacket of a type that it does
@@ -1155,7 +1156,9 @@ #### {5.2.3.5} Issuer
 
 (8-octet Key ID)
 
-The OpenPGP Key ID of the key issuing the signature.
+The OpenPGP Key ID of the key issuing the signature.  If the version
+of that key is greater than 4, this subpacket MUST NOT be included in
+the signature.
 
 #### {5.2.3.6} Key Expiration Time
 
@@ -1615,6 +1618,19 @@ #### {5.2.3.26} Embedded Signature
 in Section 5.2 above.  It is useful when one signature needs to refer
 to, or be incorporated in, another signature.
 
+#### Issuer Fingerprint
+
+(1 octet key version number, N octets of fingerprint)
+
+The OpenPGP Key fingerprint of the key issuing the signature.  This
+subpacket SHOULD be included in all signatures.  If the version of the
+issuing key is 4 and an Issuer subpacket is also included in the
+signature, the key ID of the Issuer subpacket MUST match the low
+64 bits of the fingerprint.
+
+Note that the length N of the fingerprint for a version 4 key is 20
+octets.
+
 ### {5.2.4} Computing Signatures
 
 All signatures are formed by producing a hash over the signature data,
--8<---------------cut here---------------end--------------->8---


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
    /* EFH in Erkrath: https://alt-hochdahl.de/haus */

v2.30.2 | Report a Bug | By Email | System Status