Re: including the entire fingerprint of the issuer in an OpenPGP certification

Werner Koch <wk@gnupg.org> Wed, 19 January 2011 08:05 UTC

Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0J85B47080950 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 19 Jan 2011 01:05:12 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0J85B3P080949; Wed, 19 Jan 2011 01:05:11 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0J85AMg080941 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO) for <ietf-openpgp@imc.org>; Wed, 19 Jan 2011 01:05:11 -0700 (MST) (envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.69 #1 (Debian)) id 1PfT2T-0000TH-DQ for <ietf-openpgp@imc.org>; Wed, 19 Jan 2011 09:05:09 +0100
Received: from wk by vigenere.g10code.de with local (Exim 4.72 #1 (Debian)) id 1PfSy5-00067n-Fa; Wed, 19 Jan 2011 09:00:37 +0100
From: Werner Koch <wk@gnupg.org>
To: David Shaw <dshaw@jabberwocky.com>
Cc: Jon Callas <jon@callas.org>, OpenPGP Working Group <ietf-openpgp@imc.org>
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
References: <E1Pf1WI-0007aL-EN@login01.fos.auckland.ac.nz> <CFCF61BD-9281-4F09-AD31-C5AAC38315FE@callas.org> <4D354A08.1010206@iang.org> <87lj2isgm8.fsf@vigenere.g10code.de> <58216C60-3DFD-4312-B514-19243ED4220A@callas.org> <6C85BB3E-90BC-4FDC-967C-0867F5B1F57F@jabberwocky.com>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Wed, 19 Jan 2011 09:00:37 +0100
In-Reply-To: <6C85BB3E-90BC-4FDC-967C-0867F5B1F57F@jabberwocky.com> (David Shaw's message of "Tue, 18 Jan 2011 16:45:14 -0500")
Message-ID: <877he1s4pm.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Tue, 18 Jan 2011 22:45, dshaw@jabberwocky.com said:

> Rather than first byte being an algorithm ID, how about first byte
> being the version of the fingerprint?  So, it would be "4" for the
> current fingerprint, "5"

I think this is better than just the algorithm id.  It can be used to
account for different ways of computing the fingerprint as it matches
the version number of the key packets.  We don't specify the the
fingerprint algorithm at any other place directly; thus why do it here.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.