Re: [openpgp] Followup on fingerprints

[ianG <iang@iang.org>]

On 7/08/2015 02:20 am, Phillip Hallam-Baker wrote:
>
>
> On Thu, Aug 6, 2015 at 3:19 PM, Daniel Kahn Gillmor
> <dkg@fifthhorseman.net <mailto:dkg@fifthhorseman.net>> wrote:
>
>     On Thu 2015-08-06 12:12:48 -0400, Nicholas Cole wrote:
>     > There's actually just a more basic, practical problem. Most gpg tools
>     > assume unique fingerprints. Is it even possible to specify one key rather
>     > than another if both have the same fingerprint?
>
>     but what are the consequences of this?  If there's a specifically
>     troubling scenario that puts other people at risk, we should be able to
>     describe it.
>
>     If there isn't, then this suggests that actually using two keys with the
>     same fingerprint is a problem only for the person who holds the two
>     keys, right?
>
>     But that person has an easy (much cheaper in fact) way to proceed
>     without the problem: don't make a fingerprint collision in the first
>     place!
>
>
> Dan,
>
> The problem is that the person who is potentially at risk is not the key
> holder but the relying party who verifies the key.
>
> As with 'Domain Separation' it is a case where most of us prefer to be
> conservative unless there is a good reason to try the bleeding edge.
> Doubling the length of a printed fingerprint is clearly a problem.
> Having a big internal fingerprint isn't.
>
> Here, 100, 125 or 150 bits seem fine for a printed fingerprint and 256
> bits is comfortable for an internal one. Do we really need to go
> further? My original goal was to avoid having to go into this
> explanation at last call.


Are we arguing about a shortened internal identifier for the key? 
That's easy.  The full hash, please.



iang