Re: including the entire fingerprint of the issuer in an OpenPGP certification

Daniel Kahn Gillmor <> Tue, 18 January 2011 04:48 UTC


On 01/17/2011 10:22 PM, David Shaw wrote:
> I like this idea.  I would do it as "full fingerprint" myself.
> The difference in storage between 160 bits and 96 bits is all
> of 8 bytes.  I think the simplicity of being able to say the
> whole fingerprint is in there is worth a measly 8 bytes.

That seems like a reasonable cost/benefit analysis to me.

> Do we necessarily need a new subpacket type for this?  It
> could pretty easily be a notation.

Thereby making it even longer -- how many bytes are you prepared to
throw at the problem? ;)

So with gpg, this is doable already with something like this in gpg.conf:


I dislike this aesthetically for 3 reasons:

 0) the subpacket is hashed into the signature created, which doesn't
seem necessary.

 1) the notation value is in plain text (twice as long as it needs to be)

 2) i don't like the notation name being as long as the one i just chose :P

but maybe i'm just being a bit-miser with 1 and 2.  And maybe 0 isn't
all that important, either. (is there a way to tell GnuPG to make the
notation subpacket in the unhashed part of the signature?)

i (think i) have signed this message using the above notation name.  i'd
be happy to drop that notation name in favor of anything more concise
from a domain with a reasonably stable track record related to this stuff.

If anyone on the list has difficulty verifying my signature as a result
of this notation, please let me know.

David, do you think a patch to interpret a notation like this would be
of interest to GnuPG?  Are any other OpenPGP implementations willing or
interested in coming to consensus on a notation name and working on this?

And what should an implementation do if the issuer subpacket and the
"full fingerprint" packet disagree on the last 64 bits?
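
The closing question can be made concrete. This is an added example, not part of the original message or of GnuPG: it walks RFC 4880 subpacket areas and compares the issuer subpacket's 64-bit key ID with the low 64 bits of a 160-bit fingerprint carried in a notation. The notation name `issuer-fpr@example.org`, the function names and the sample fingerprint are assumptions made for illustration; the returned status only reports the condition and does not settle what an implementation should do about it.

```python
ISSUER, NOTATION = 16, 20                   # RFC 4880 signature subpacket types
NOTATION_NAME = b"issuer-fpr@example.org"   # hypothetical; the message's own name is not shown

def subpackets(area):
    """Yield (type, body) for each subpacket in a hashed or unhashed area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                     # one-octet length
            length, i = first, i + 1
        elif first < 255:                   # two-octet length
            length, i = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192, i + 2
        else:                               # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):   # length counts the type octet
            raise ValueError("truncated or malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask off the critical bit
        i += length

def check_issuer(hashed, unhashed=b""):
    """Compare the issuer key ID with the fingerprint notation, if both are present."""
    key_id = fpr = None
    # Anything found only in the unhashed area is not covered by the signature.
    for typ, body in list(subpackets(hashed)) + list(subpackets(unhashed)):
        if typ == ISSUER and len(body) == 8:
            key_id = body
        elif typ == NOTATION and len(body) >= 8:   # 4 flag octets, 2 name len, 2 value len
            nlen = int.from_bytes(body[4:6], "big")
            vlen = int.from_bytes(body[6:8], "big")
            if body[8:8 + nlen] == NOTATION_NAME:
                try:                        # value is hex text: 40 characters for 160 bits
                    fpr = bytes.fromhex(body[8 + nlen:8 + nlen + vlen].decode("ascii"))
                except ValueError:
                    return "malformed"
    if fpr is None:
        return "no-fingerprint"
    if len(fpr) != 20:
        return "malformed"
    if key_id is None:
        return "fingerprint-only"
    # A V4 key ID is the low-order 64 bits of the 160-bit fingerprint.
    return "consistent" if fpr[-8:] == key_id else "mismatch"

def sub(typ, body):                         # builds constructed samples (bodies under 191 octets)
    return bytes([len(body) + 1, typ]) + body

def fpr_notation(fpr):                      # flag 0x80 marks the value as human-readable text
    value = fpr.hex().upper().encode()
    lens = len(NOTATION_NAME).to_bytes(2, "big") + len(value).to_bytes(2, "big")
    return sub(NOTATION, b"\x80\x00\x00\x00" + lens + NOTATION_NAME + value)

SAMPLE_FPR = bytes(range(20))               # constructed fingerprint, not a real key
```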