pgut001 at cs.auckland.ac.nz
Thu Jul 25 14:20:02 CEST 2002
Werner Koch <wk at gnupg.org> writes:
>On Thu, 25 Jul 2002 21:35:09 +1200 (NZST), Peter Gutmann said:
>>S/MIME doesn't require X.509 (I've been doing it with PGP keys for several
>>years now), so it's not a deadly failing.
>You mean by using the subjectKeyIdentifier?
>What method of creating it should be used? The RFC mentions 2, afaik you use
>a modified one and for me it would make sense to use the PGP fingerprint.
Flip a coin 128 times? Anything you feel like. Remember that while with PGP
the keyIDs are implicit (which is a royal pain IMHO), with X.509 they're
explicit, so you can use any value you want. It is in fact quite valid to use
a PGP keyID as a subjectKeyIdentifier if you want to (I use a hash of the
subjectPublicKeyInfo, which is a well-defined and unambiguous value). I've
seen CAs use bits of key hashes, monotonically increasing integers, numeric
text strings, MPEGs of cats...
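As an added worked example (not code from the original post, from its author, or from GnuPG): the two subjectKeyIdentifier derivations the RFC describes, next to a hash over the whole DER subjectPublicKeyInfo, computed over a constructed toy RSA SubjectPublicKeyInfo. The minimal DER helpers, the toy modulus (not a real key) and the choice of SHA-1 for the whole-SPKI hash are assumptions of this example; only `hashlib` from the standard library is used.

```python
"""Deriving an X.509 subjectKeyIdentifier from a DER SubjectPublicKeyInfo (added example)."""
import hashlib

# --- minimal DER helpers: just enough X.690 for this demonstration (assumption) ---

def der_len(n: int) -> bytes:
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    """Tag-Length-Value wrapper."""
    return bytes([tag]) + der_len(len(content)) + content


def der_integer(value: int) -> bytes:
    """DER INTEGER for a non-negative value: minimal big-endian, 0x00 prefix if the top bit is set."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return der_tlv(0x02, body)


def rsa_spki(n: int, e: int) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier(rsaEncryption, NULL), BIT STRING(RSAPublicKey) }."""
    rsa_encryption_oid = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1
    alg_id = der_tlv(0x30, rsa_encryption_oid + b"\x05\x00")
    rsa_public_key = der_tlv(0x30, der_integer(n) + der_integer(e))
    subject_public_key = der_tlv(0x03, b"\x00" + rsa_public_key)  # leading octet: 0 unused bits
    return der_tlv(0x30, alg_id + subject_public_key)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after the TLV) for the element starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def subject_public_key_bits(spki: bytes) -> bytes:
    """The subjectPublicKey BIT STRING value without tag, length or the unused-bits octet."""
    tag, body, _ = _read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    alg_tag, _alg, pos = _read_tlv(body, 0)
    if alg_tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    bs_tag, bs, _ = _read_tlv(body, pos)
    if bs_tag != 0x03:
        raise ValueError("expected subjectPublicKey BIT STRING")
    if bs[0] != 0:
        raise ValueError("subjectPublicKey with unused bits is not handled in this example")
    return bs[1:]


def ski_method1(spki: bytes) -> bytes:
    """RFC method (1): 160-bit SHA-1 of the subjectPublicKey bits (20 octets)."""
    return hashlib.sha1(subject_public_key_bits(spki)).digest()


def ski_method2(spki: bytes) -> bytes:
    """RFC method (2): four-bit type field 0100 followed by the least significant 60 bits of that SHA-1 (8 octets)."""
    h = ski_method1(spki)
    low60 = int.from_bytes(h[-8:], "big") & ((1 << 60) - 1)
    return ((0x4 << 60) | low60).to_bytes(8, "big")


def ski_spki_hash(spki: bytes) -> bytes:
    """Hash of the entire DER SubjectPublicKeyInfo; SHA-1 chosen here as an assumption."""
    return hashlib.sha1(spki).digest()


if __name__ == "__main__":
    # Constructed toy key: well-formed DER, but not a usable RSA key.
    spki = rsa_spki(n=0xC0FFEE1234567890ABCDEF, e=65537)
    print("method (1):", ski_method1(spki).hex())
    print("method (2):", ski_method2(spki).hex())
    print("SPKI hash: ", ski_spki_hash(spki).hex())
```

The three values differ, which is the practical consequence of the point made above: because the identifier is explicit in X.509, a relying party must take the issuer's subjectKeyIdentifier as it appears and copy it into authorityKeyIdentifier rather than recomputing it by some assumed method; a verifier that recomputes will simply fail to match certificates from a CA that chose a different convention.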