Re: including the entire fingerprint of the issuer in an OpenPGP certification
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 18 January 2011 04:48 UTC
Message-ID: <4D351B79.6090600@fifthhorseman.net>
Date: Mon, 17 Jan 2011 23:47:53 -0500
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Reply-To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101213 Icedove/3.1.7
MIME-Version: 1.0
To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
References: <4D34F133.3000807@fifthhorseman.net> <2885367E-D215-4BE7-983D-C82C55C64B0F@jabberwocky.com>
In-Reply-To: <2885367E-D215-4BE7-983D-C82C55C64B0F@jabberwocky.com>
X-Enigmail-Version: 1.1.2
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="------------enig3FFC5B717EBE1F287CBCC3A5"
On 01/17/2011 10:22 PM, David Shaw wrote:
> I like this idea. I would do it as "full fingerprint" myself.
> The difference in storage between 160 bits and 96 bits is all
> of 8 bytes. I think the simplicity of being able to say the
> whole fingerprint is in there is worth a measly 8 bytes.

That seems like a reasonable cost/benefit analysis to me.

> Do we necessarily need a new subpacket type for this? It
> could pretty easily be a notation.

Thereby making it even longer -- how many bytes are you prepared to throw at the problem? ;)

So with gpg, this is doable already with something like this in gpg.conf:

  sig-notation signer-fpr@notations.openpgp.fifthhorseman.net=%g

I dislike this aesthetically for 3 reasons:

 0) the subpacket is hashed into the signature created, which doesn't seem necessary.
 1) the notation value is in plain text (twice as long as it needs to be)
 2) I don't like the notation name being as long as the one I just chose :P

but maybe I'm just being a bit-miser with 1 and 2. And maybe 0 isn't all that important, either. (Is there a way to tell GnuPG to make the notation subpacket in the unhashed part of the signature?)

I (think I) have signed this message using the above notation name. I'd be happy to drop that notation name in favor of anything more concise from a domain with a reasonably stable track record related to this stuff. If anyone on the list has difficulty verifying my signature as a result of this notation, please let me know.

David, do you think a patch to interpret a notation like this would be of interest to GnuPG? Are any other OpenPGP implementations willing or interested in coming to consensus on a notation name and working on this?

And what should an implementation do if the issuer subpacket and the "full fingerprint" packet disagree on the last 64 bits?

--dkg
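The message above proposes carrying the signer's full fingerprint in a notation subpacket next to the usual 64-bit issuer key ID, and asks what a verifier should do when the two disagree. The following is an added example (editor's code, not part of the message, the thread, or GnuPG): it walks the hashed and unhashed subpacket areas of an RFC 4880 v4 signature packet body, extracts the issuer subpacket (type 16) and a notation subpacket (type 20) carrying a hex fingerprint under the notation name from the gpg.conf line above, and checks that the fingerprint's low 64 bits match the key ID. The notation name is the ad-hoc one dkg chose, not a standardized name; the 20-byte fingerprint, timestamp and the trailing hash-prefix/MPI bytes are constructed placeholders, so the sample is a well-formed packet but not a verifiable signature. Placing the issuer in the unhashed area mirrors common practice, which is also why an unsigned issuer ID deserves a cross-check against something that was hashed.

```python
"""Parse OpenPGP v4 signature subpackets and cross-check the 64-bit issuer
key ID against a full fingerprint carried in a notation subpacket."""
from __future__ import annotations
import struct
from dataclasses import dataclass

SUBPKT_CREATION_TIME = 2
SUBPKT_ISSUER = 16
SUBPKT_NOTATION = 20
NOTATION_HUMAN_READABLE = 0x80  # first flag octet of a notation subpacket

# Ad-hoc notation name from the gpg.conf line in the message; not standardized.
FPR_NOTATION = "signer-fpr@notations.openpgp.fifthhorseman.net"
# Constructed 20-byte v4 fingerprint for the sample; not a real key.
SAMPLE_FPR = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF01234567")


@dataclass
class Subpacket:
    type: int
    critical: bool
    body: bytes
    hashed: bool  # True if it lives in the signed (hashed) area


def _read_len(data: bytes, pos: int) -> tuple[int, int]:
    """Subpacket lengths use the new-format packet length encoding (RFC 4880 5.2.3.1)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
    return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5


def _encode_len(n: int) -> bytes:
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def parse_area(area: bytes, hashed: bool) -> list[Subpacket]:
    pos, out = 0, []
    while pos < len(area):
        length, pos = _read_len(area, pos)  # length covers type octet + body
        if length == 0 or pos + length > len(area):
            raise ValueError("truncated or zero-length subpacket")
        tag = area[pos]
        out.append(Subpacket(tag & 0x7F, bool(tag & 0x80), area[pos + 1:pos + length], hashed))
        pos += length
    return out


def parse_v4_subpackets(body: bytes) -> list[Subpacket]:
    """body = version, sig type, pk algo, hash algo, then two length-prefixed
    subpacket areas; the hash prefix and MPIs after them are not needed here."""
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled here")
    hlen = struct.unpack(">H", body[4:6])[0]
    p = 6 + hlen
    ulen = struct.unpack(">H", body[p:p + 2])[0]
    return parse_area(body[6:p], True) + parse_area(body[p + 2:p + 2 + ulen], False)


def parse_notation(body: bytes) -> tuple[str, bytes, bool]:
    nlen, vlen = struct.unpack(">HH", body[4:8])
    name = body[8:8 + nlen].decode("utf-8")
    return name, body[8 + nlen:8 + nlen + vlen], bool(body[0] & NOTATION_HUMAN_READABLE)


def check_issuer(body: bytes) -> tuple[str | None, str | None, str]:
    """Return (issuer key ID hex, fingerprint hex, verdict). A v4 key ID is the
    low 64 bits of the fingerprint, so the two must agree on the last 8 bytes."""
    issuer = fpr = None
    for sp in parse_v4_subpackets(body):
        if sp.type == SUBPKT_ISSUER and len(sp.body) == 8:
            issuer = sp.body
        elif sp.type == SUBPKT_NOTATION:
            name, value, human = parse_notation(sp.body)
            if name == FPR_NOTATION:
                fpr = bytes.fromhex(value.decode("ascii")) if human else value
    hx = lambda b: b.hex().upper() if b else None
    if issuer is None or fpr is None:
        return hx(issuer), hx(fpr), "incomplete"
    return hx(issuer), hx(fpr), "consistent" if fpr[-8:] == issuer else "mismatch"


def _subpacket(sptype: int, body: bytes, critical: bool = False) -> bytes:
    return _encode_len(len(body) + 1) + bytes([sptype | (0x80 if critical else 0)]) + body


def build_sample_signature(issuer_keyid: bytes, fpr: bytes = SAMPLE_FPR) -> bytes:
    """Constructed v4 signature body (positive certification, RSA, SHA-512):
    creation time and fingerprint notation hashed, issuer key ID unhashed.
    Trailing hash prefix and MPI are placeholders, not a real signature."""
    name, value = FPR_NOTATION.encode(), fpr.hex().upper().encode()
    notation = bytes([NOTATION_HUMAN_READABLE, 0, 0, 0]) + struct.pack(">HH", len(name), len(value)) + name + value
    hashed = _subpacket(SUBPKT_CREATION_TIME, struct.pack(">I", 1295326073)) + _subpacket(SUBPKT_NOTATION, notation)
    unhashed = _subpacket(SUBPKT_ISSUER, issuer_keyid)
    return (bytes([4, 0x13, 1, 10]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00" + b"\x00\x01\x01")


if __name__ == "__main__":
    print(check_issuer(build_sample_signature(SAMPLE_FPR[-8:])))  # consistent
    print(check_issuer(build_sample_signature(bytes(8))))         # mismatch
```

A verifier that sees "mismatch" should treat the signature as not attributable to either key rather than picking one: the unhashed issuer ID is not covered by the signature and can be altered in transit, while the hashed notation is covered but only meaningful once the signature has been verified with the key it names.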