Re: [openpgp] Issuer Fingerprint

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 14 June 2016 16:29 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3C5D12D80F for <openpgp@ietfa.amsl.com>; Tue, 14 Jun 2016 09:29:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1CWNoJXz8Ako for <openpgp@ietfa.amsl.com>; Tue, 14 Jun 2016 09:29:37 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by ietfa.amsl.com (Postfix) with ESMTP id 6F25312D80B for <openpgp@ietf.org>; Tue, 14 Jun 2016 09:29:37 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id D8FE4F98B; Tue, 14 Jun 2016 12:29:35 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 292F222AFF; Tue, 14 Jun 2016 12:29:35 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Werner Koch <wk@gnupg.org>, openpgp@ietf.org
In-Reply-To: <87mvmp5rmi.fsf@wheatstone.g10code.de>
References: <87mvmp5rmi.fsf@wheatstone.g10code.de>
User-Agent: Notmuch/0.22+69~gd812194 (https://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Tue, 14 Jun 2016 12:29:35 -0400
Message-ID: <87y46720pc.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/M790eX5t-NLNgukTsVbEzeNmnws>
Subject: Re: [openpgp] Issuer Fingerprint
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2016 16:29:39 -0000

Hi there--

On Mon 2016-06-13 06:07:33 -0400, Werner Koch wrote:
> --8<---------------cut here---------------start------------->8---
> @@ -1055,6 +1055,7 @@ #### {5.2.3.1} Signature Subpacket Specification
>            30   Features
>            31   Signature Target
>            32   Embedded Signature
> +          33   Issuer Fingerprint
>    100 to 110   Private or experimental
>
>  An implementation SHOULD ignore any subpacket of a type that it does
> @@ -1615,6 +1616,16 @@ #### {5.2.3.26} Embedded Signature
>  in Section 5.2 above.  It is useful when one signature needs to refer
>  to, or be incorporated in, another signature.
>
> +#### Issuer Fingerprint
> +
> +(1 octet key version number, N octets of fingerprint)
> +
> +The OpenPGP Key fingerprint of the key issuing the signature.  The
> +only possible key version number is 4 and thus N must be 20.  This
> +subpacket is intended to eventually replace the issuer subpacket which
> +does not not unambiguously specify the key.  It SHOULD be part of all
> +signatures.
> +
>  ### {5.2.4} Computing Signatures
>
>  All signatures are formed by producing a hash over the signature data,
> --8<---------------cut here---------------end--------------->8---

I like this proposal.  I wonder if there should be some text about its
interaction with the Issuer subpacket beyond "is intended to eventually
replace" ?  something like "If an Issuer subpacket is included in the
same packet as an Issuer Fingerprint subpacket, the Issuer Fingerprint
subpacket MUST be version 4, and the Issuer subpacket MUST be the low 64
bits of the fingerprint.  If the Issuer Fingerprint subpacket version is
greater than 4, there MUST NOT be an Issuer subpacket included in the
same packet."

     --dkg