gpgme 0.3.3 questions

Rick van Rein rick@vanrein.org
Fri Sep 21 11:27:01 2001


Hi Werner Koch,


> > So, NEVER NEVER NEVER use a fingerprint as an identity, or assume it is
> > unique. But ANYTIME assume that a comparison of fingerprints is as good a
>
> I can't agree with that big never.

As expected ;-)

> A fingerprint is the best identity you can have.

If you mean it's the closest you can get, I agree. Chances of things going wrong are slim, but that's not good enough for an identity. But, per definition, it is not an identity, _because_ there is a >0 chance of two different entities with the same fingerprint. An identity requires an =0 chance for that.

But aside from definition matters, I consider it unsafe. The search space of PGP can grow without bounds. 2^80 is a lot, but it is less than the IPv6 address space, which is somewhat linear to expected addresses to exist in the future. And then to search that space for a fingerprint as an identity is unwise. The treat-fingerprint-as-ID cannot scale up to an arbitrary size.

On the other hand, the authenticating properties of a fingerprint are always based on a single person identifying herself, so that scales quite well. Similarly, the trust ring in GPG is indexed by fingerprint -- which I don't like much, but given the average ring size, chances of error are slim (and acceptable). But worldwide stuff should not be indexed by fingerprint if you want my opinion.

> About everything in cryptography is about probability, so it does not
> make sense to try to do something "exact" in one part of the system.

Definitely, but where exact solutions exist, it is better not to rely on a game of chance, even if the stakes are pretty darn good. Identities are quite easy to construct in almost any application, and it is better to look further and not jump to fingerprints as identities too easily. If it can be avoided, that's a gain.

Just my tuppence,

-Rick.