Re: including the entire fingerprint of the issuer in an OpenPGP certification

David Shaw <dshaw@jabberwocky.com> Tue, 18 January 2011 15:03 UTC

Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0IF36KK042788 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 18 Jan 2011 08:03:06 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0IF36jt042787; Tue, 18 Jan 2011 08:03:06 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from walrus.jabberwocky.com (walrus.jabberwocky.com [173.9.29.57]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0IF34jb042782 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-openpgp@imc.org>; Tue, 18 Jan 2011 08:03:06 -0700 (MST) (envelope-from dshaw@jabberwocky.com)
Received: from dshaw.nasuni.net (gw-comcast1.nasuni.com [173.166.63.186]) (authenticated bits=0) by walrus.jabberwocky.com (8.14.4/8.14.4) with ESMTP id p0IF33k1016143 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <ietf-openpgp@imc.org>; Tue, 18 Jan 2011 10:03:03 -0500
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1081)
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
From: David Shaw <dshaw@jabberwocky.com>
In-Reply-To: <87lj2isgm8.fsf@vigenere.g10code.de>
Date: Tue, 18 Jan 2011 10:03:02 -0500
Message-Id: <AB4FC801-3AE3-49C6-B191-0EC11DB2ACD2@jabberwocky.com>
References: <E1Pf1WI-0007aL-EN@login01.fos.auckland.ac.nz> <CFCF61BD-9281-4F09-AD31-C5AAC38315FE@callas.org> <4D354A08.1010206@iang.org> <87lj2isgm8.fsf@vigenere.g10code.de>
To: OpenPGP Working Group <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.1081)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hoffman.proper.com id p0IF36ja042783
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Jan 18, 2011, at 4:31 AM, Werner Koch wrote:

> 
> On Tue, 18 Jan 2011 09:06, iang@iang.org said:
> 
>> And, head towards the fingerprint, the whole fingerprint and nothing
>> but the fingerprint!  Dispense with all these weird and wonderful
> 
> I agree.  Further I am not sure whether we should do this full
> fingerprint proposal right now or better wait for SHA-3.  If we would
> settle now for a new fingerprint signature subpacket we will for sure
> need to revise that for SHA-3.  We would need to maintain code for the
> current fingerprint as well as for a SHA-3 for a little eternity.

What if we made up a new subpacket that was defined as simply "the fingerprint" (that is, without specifying special encoding, or version, or what-have-you).  For today, that is the full SHA-1 fingerprint we know and love.  In the future, the same subpacket could be used in the V5 world as well (we'd have to have a way of telling a V4 from a future V5 fingerprint, but we need to do that anyway).  This is similar to how the current "signer ID" subpacket works - it can take V3 or V4 key IDs.

One of the things I wanted to push for in V5 was to use full fingerprints instead of key IDs internally.  This new subpacket could be the new "signer ID" subpacket.

David