Re: including the entire fingerprint of the issuer in an OpenPGP certification

David Shaw <dshaw@jabberwocky.com> Thu, 20 January 2011 04:45 UTC

Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0K4jNCb030502 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 19 Jan 2011 21:45:23 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0K4jNJM030501; Wed, 19 Jan 2011 21:45:23 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from walrus.jabberwocky.com (walrus.jabberwocky.com [173.9.29.57]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0K4jLhB030496 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-openpgp@imc.org>; Wed, 19 Jan 2011 21:45:23 -0700 (MST) (envelope-from dshaw@jabberwocky.com)
Received: from grover.home.jabberwocky.com (grover.home.jabberwocky.com [172.24.84.28]) (authenticated bits=0) by walrus.jabberwocky.com (8.14.4/8.14.4) with ESMTP id p0K4jKcV030261 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <ietf-openpgp@imc.org>; Wed, 19 Jan 2011 23:45:21 -0500
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1082)
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
From: David Shaw <dshaw@jabberwocky.com>
In-Reply-To: <4D36812A.9050601@fifthhorseman.net>
Date: Wed, 19 Jan 2011 23:45:20 -0500
Message-Id: <4CCBCFF0-211C-4405-99D1-B626E14C252B@jabberwocky.com>
References: <E1Pf1WI-0007aL-EN@login01.fos.auckland.ac.nz> <CFCF61BD-9281-4F09-AD31-C5AAC38315FE@callas.org> <4D354A08.1010206@iang.org> <87lj2isgm8.fsf@vigenere.g10code.de> <58216C60-3DFD-4312-B514-19243ED4220A@callas.org> <4D36010A.30205@fifthhorseman.net> <E8F060EE-48E5-4F92-8285-B5897A8F4950@jabberwocky.com> <4D3611C1.5050706@fifthhorseman.net> <05AB0704-53F0-4969-B0CA-DAC501D8CC40@jabberwocky.com> <4D36812A.9050601@fifthhorseman.net>
To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.1082)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hoffman.proper.com id p0K4jNhA030497
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Jan 19, 2011, at 1:14 AM, Daniel Kahn Gillmor wrote:

> On 01/18/2011 05:43 PM, David Shaw wrote:
>> No, this would be another use of the existing public/secret key version registry.  We already have a registry that covers key versions.
> [...]
>> Sorry - I wasn't clear enough.  Rather than using a notation, I was saying that we should define a "true" subpacket (not a notation)
>> for this, but define the subpacket in a flexible enough way that we
>> won't be throwing the subpacket away (or having to maintain it just for
>> V4) when V5 comes.
> 
> ok, i understand what you're saying.  I'm game for either approach.
> 
> Here's a proposal: i'll start with an issuer-fpr@... notation that will
> use the exact value (version byte, fpr) that we expect to be the content
> of the new subpacket type, demonstrate it, and then use that experience
> to draft an update to RFC 4880 and apply for a new subpacket allocation
> if it seems to make sense.
> 
> Is it kosher to use a notation this way instead of using an explicitly
> experimental subpacket type?

Sure, you can do either one.

David
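The notation proposed in the quoted message carries the issuer's full fingerprint (version octet followed by the fingerprint) as the value of a notation data subpacket. The following is an added example, not code from this thread or from GnuPG, that encodes such a subpacket per RFC 4880 section 5.2.3.16, parses it back out of a subpacket area, and checks that it agrees with the 64-bit Issuer subpacket (RFC 4880 section 5.2.3.5), since a v4 key ID is the low-order 64 bits of the fingerprint (section 12.2). The thread writes the notation name only as "issuer-fpr@...", so the domain in NOTATION_NAME is a hypothetical placeholder, and SAMPLE_FPR is a constructed value, not a real key's fingerprint.

```python
import struct

# ASSUMPTION: the message names the notation "issuer-fpr@..." without a domain;
# the domain here is hypothetical, chosen only for this example.
NOTATION_NAME = b"issuer-fpr@example.org"

SUBPKT_ISSUER = 16          # RFC 4880 5.2.3.5: 8-octet key ID of the signer
SUBPKT_NOTATION_DATA = 20   # RFC 4880 5.2.3.16: notation data
V4_FPR_LEN = 20             # RFC 4880 12.2: a v4 fingerprint is a 160-bit SHA-1


def encode_subpacket_len(n):
    """RFC 4880 5.2.3.1 one-, two- or five-octet subpacket length."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_subpacket_len(buf, pos):
    """Return (length, position after the length field) for buf[pos:]."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def subpacket(sp_type, body, critical=False):
    """Length, type octet (bit 7 = critical), body."""
    type_octet = sp_type | (0x80 if critical else 0)
    return encode_subpacket_len(len(body) + 1) + bytes([type_octet]) + body


def issuer_fpr_notation(version, fpr, name=NOTATION_NAME):
    """Notation subpacket whose value is (version octet || fingerprint).

    Flags are 0 because the value is binary; 0x80000000 would mark it human-readable.
    """
    if version != 4 or len(fpr) != V4_FPR_LEN:
        raise ValueError("only v4 keys with 20-octet fingerprints are handled here")
    value = bytes([version]) + fpr
    body = struct.pack(">IHH", 0, len(name), len(value)) + name + value
    return subpacket(SUBPKT_NOTATION_DATA, body)


def iter_subpackets(area):
    """Yield (type, body) for each subpacket in a hashed or unhashed area."""
    pos = 0
    while pos < len(area):
        length, pos = decode_subpacket_len(area, pos)
        if length < 1 or pos + length > len(area):
            raise ValueError("truncated subpacket area")
        yield area[pos] & 0x7F, area[pos + 1:pos + length]   # mask off critical bit
        pos += length


def find_issuer_fpr(area, name=NOTATION_NAME):
    """Return (version, fingerprint) from the first matching notation, else None."""
    for sp_type, body in iter_subpackets(area):
        if sp_type != SUBPKT_NOTATION_DATA or len(body) < 8:
            continue
        _flags, name_len, value_len = struct.unpack(">IHH", body[:8])
        if len(body) != 8 + name_len + value_len:
            raise ValueError("malformed notation subpacket")
        if body[8:8 + name_len] != name:
            continue
        value = body[8 + name_len:]
        # Reject anything that is not exactly a v4 version octet plus 20-octet fpr.
        if len(value) != 1 + V4_FPR_LEN or value[0] != 4:
            raise ValueError("issuer-fpr value is not a v4 fingerprint")
        return value[0], value[1:]
    return None


def issuer_consistent(area, name=NOTATION_NAME):
    """True iff every Issuer subpacket equals the low 64 bits of the notation fpr."""
    found = find_issuer_fpr(area, name)
    if found is None:
        return False
    _version, fpr = found
    key_ids = [b for t, b in iter_subpackets(area) if t == SUBPKT_ISSUER]
    return bool(key_ids) and all(kid == fpr[-8:] for kid in key_ids)


# Constructed sample fingerprint, not taken from any real key.
SAMPLE_FPR = bytes.fromhex("0123456789abcdef0123456789abcdef01234567")


def build_sample_area(fpr=SAMPLE_FPR, key_id=None):
    """Hashed subpacket area: Issuer subpacket, then the issuer-fpr notation."""
    key_id = fpr[-8:] if key_id is None else key_id
    return subpacket(SUBPKT_ISSUER, key_id) + issuer_fpr_notation(4, fpr)
```

The consistency check is the point of carrying the full fingerprint: the 8-octet Issuer subpacket alone cannot distinguish two keys that share a key ID, while a mismatch between it and the notation value flags a damaged or forged signature. A parser that sees the notation with an unexpected version octet or length should refuse it rather than fall back to the key ID, which is why find_issuer_fpr raises instead of returning None in that case.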