Re: including the entire fingerprint of the issuer in an OpenPGP certification

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 19 January 2011 06:14 UTC

Message-ID: <4D36812A.9050601@fifthhorseman.net>
Date: Wed, 19 Jan 2011 01:14:02 -0500
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Reply-To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
To: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
References: <E1Pf1WI-0007aL-EN@login01.fos.auckland.ac.nz> <CFCF61BD-9281-4F09-AD31-C5AAC38315FE@callas.org> <4D354A08.1010206@iang.org> <87lj2isgm8.fsf@vigenere.g10code.de> <58216C60-3DFD-4312-B514-19243ED4220A@callas.org> <4D36010A.30205@fifthhorseman.net> <E8F060EE-48E5-4F92-8285-B5897A8F4950@jabberwocky.com> <4D3611C1.5050706@fifthhorseman.net> <05AB0704-53F0-4969-B0CA-DAC501D8CC40@jabberwocky.com>
In-Reply-To: <05AB0704-53F0-4969-B0CA-DAC501D8CC40@jabberwocky.com>
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 01/18/2011 05:43 PM, David Shaw wrote:
> No, this would be another use of the existing public/secret key version registry.  We already have a registry that covers key versions.
 [...]
> Sorry - I wasn't clear enough.  Rather than using a notation, I was
> saying that we should define a "true" subpacket (not a notation)
> for this, but define the subpacket in a flexible enough way that we
> won't be throwing the subpacket away (or having to maintain it just for
> V4) when V5 comes.

ok, i understand what you're saying.  I'm game for either approach.

Here's a proposal: i'll start with an issuer-fpr@... notation that will
use the exact value (version byte, fpr) that we expect to be the content
of the new subpacket type, demonstrate it, and then use that experience
to draft an update to RFC 4880 and apply for a new subpacket allocation
if it seems to make sense.

Is it kosher to use a notation this way instead of using an explicitly
experimental subpacket type?

	--dkg
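
Added example, not part of the original message and not code from any OpenPGP implementation: a sketch of the (version byte, fpr) value proposed above, used to pick the issuer out of a set of candidate keys by full fingerprint. It assumes the V4 fingerprint of RFC 4880 section 12.2; the function names are hypothetical and the key material is constructed.

```python
import hashlib

# Fingerprint length per key version. Only V4 (20-byte SHA-1, RFC 4880) is
# listed; a later key version would add one entry instead of a new format.
FPR_LEN = {4: 20}

def v4_fingerprint(pubkey_body):
    """RFC 4880 12.2: SHA-1 over 0x99, 2-octet length, public-key packet body."""
    header = b"\x99" + len(pubkey_body).to_bytes(2, "big")
    return hashlib.sha1(header + pubkey_body).digest()

def encode_issuer_fpr(version, fpr):
    """Build the value: one version octet followed by the full fingerprint."""
    if FPR_LEN.get(version) != len(fpr):
        raise ValueError("unknown key version or wrong fingerprint length")
    return bytes([version]) + fpr

def decode_issuer_fpr(value):
    """Split and validate the value; reject truncated or unknown-version input."""
    if not value:
        raise ValueError("empty value")
    version, fpr = value[0], value[1:]
    if FPR_LEN.get(version) != len(fpr):
        raise ValueError("unknown key version or wrong fingerprint length")
    return version, fpr

def find_issuer(value, candidate_bodies):
    """Return the candidate key bodies whose full fingerprint matches the value."""
    version, fpr = decode_issuer_fpr(value)
    if version != 4:
        return []  # no fingerprint function defined here for other versions
    return [b for b in candidate_bodies if v4_fingerprint(b) == fpr]

def constructed_body(modulus):
    """Constructed sample: V4 RSA public-key body layout, not a usable key."""
    def mpi(raw):
        return int.from_bytes(raw, "big").bit_length().to_bytes(2, "big") + raw
    created = (0x4D36812A).to_bytes(4, "big")  # constructed creation time
    return b"\x04" + created + b"\x01" + mpi(modulus) + mpi(b"\x01\x00\x01")

KEY_A = constructed_body(b"\xc3" * 128)
KEY_B = constructed_body(b"\xd5" * 128)
VALUE = encode_issuer_fpr(4, v4_fingerprint(KEY_A))

if __name__ == "__main__":
    print("value:", VALUE.hex())
    print("8-octet key ID (low 64 bits of fpr):", VALUE[-8:].hex())
    print("issuer is KEY_A:", find_issuer(VALUE, [KEY_B, KEY_A]) == [KEY_A])
```
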