Re: [openpgp] Fingerprints

[ianG <iang@iang.org>]

On 16/04/2015 16:39 pm, Derek Atkins wrote:
> Christoph Anton Mitterer <calestyo@scientia.net> writes:
>
>> On Wed, 2015-04-15 at 16:21 -0400, David Shaw wrote:
>>> Using a string is fine, but even with numbers, there is no rule that
>>> the number has to be a single byte.  After enough years and algorithms
>>> added, it could be "100000:ABCDEF0123..."
>> But numbers would make problems if we're using the binary representation
>> of the fingerprint (i.e. not the ASCII/UTF8 version of it).
>> How should one know where the algo type ends, 0x0 can't be used since it
>> may be part of the number.
>> So it can only be done if the algo type is defined to be a (null
>> terminated) string.
>
> It's easy -- all algorithms are currently defined to be <= 127.  If we
> need more than that we can use base-128 encoding.  I.e., the number is
> self-length-encoded in a way that you always know when the number ends.
>
> The benefit of using a number instead of a string is that in the vast
> majority (probably 99.999%) of use cases we'll be within the 127-value
> limitation so we can encode it in exactly one byte.  A string will
> always require at least two bytes, and that only gives you ~52 options.


I rather use numbers than strings because a number is typically far more 
controlled, which is important in a security context.  With strings, 
there's always room for manouvre.  Leaving that room in means people 
will abuse it.

In a sense, it's almost a signal - a number means it has to be exact & 
checked.  A string means it's up to the application to display and some 
higher layer to figure out and interpret.  All waste, all opportunity 
for trouble.



iang