OpenPGP headers

Atom 'Smasher' atom at
Tue Aug 10 23:23:12 CEST 2004

On Tue, 10 Aug 2004, Thomas Sjögren wrote:
> On Tue, Aug 10, 2004 at 10:53:25AM -0400, Atom 'Smasher' wrote:

>> the id (or fingerprint) is just as important in determining the correct
>> key as the size and algo.
> don't you mean "the size and algo is just as important
> in determining the correct key as the id (or fingerprint)"?

yes, that too  ;)

> however, i don't believe that is true since the way to find the correct
> way is to check the complete fingerprint. the size and algo is of no
> interest in determining the correct key:
> 1. it isn't near unique and isn't supposed to be
> 2. people change key sizes and algo but don't change keys, take for
> example the use of subkeys.

if only a single identifier could be used to determine a particular key, 
of course we'd use a fingerprint. but i think the other identifiers are 
too important to toss aside.

i'm not sure what you mean about subkeys... these headers only identify 
primary keys.

>> draft 0.1 <> allows a
>> full fingerprint to be used as a key id. it also specifies that a key id
>> SHOULD be prefixed with "0x"... the prefix aids in avoiding ambiguity.
> Since this draft is about providing "information about the senders OpenPGP key."
> I think section 1.1.1 should be different because, as stated in rfc 2440
> implementations SHOULD NOT assume that Key IDs are unique.
> Hence, to correctly identify a key you need the complete fingerprint.

the fingerprint can be used in the OpenPGP-Key header (id) and/or the 
OpenPGP-Fingerprint header. this is acceptable:

 	OpenPGP-Key: id=0x762A3B98A3C396C9C6B7582AB88D52E4D9F57808 ;
 		algo=1 ; size=4096

and i should include that as an example in the draft.

taking your point a step further, though, should the fingerprint be used 
as an ID in the OpenPGP-Key header (id), and then there's no need for an 
OpenPGP-Fingerprint header? or... should there be separate headers for the 
fingerprint, algo and size?

of these options, i sort of like using the full fingerprint in the id 
field, and making that a MUST. and then the spec would consist of only two 
headers, "OpenPGP-Key" and "OpenPGP-URL".


  PGP key -
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"Television: A medium. So called because it is neither rare
 	 nor well done."
 		-- Ernie Kovacs
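
The OpenPGP-Key header discussed in this message, parsed and checked, as an added example that is not part of the original post or of the draft. The function name, the `require_fingerprint` switch (modelling the proposal that a full fingerprint be a MUST) and the accepted id lengths (8, 16 or 40 hex digits) are assumptions of the example.

```python
import re

# Hex-digit lengths this example accepts: short key ID, long key ID,
# full 160-bit (v4) fingerprint. Assumption of the example, not draft text.
ID_KINDS = {8: "short-id", 16: "long-id", 40: "fingerprint"}

def parse_openpgp_key(raw, require_fingerprint=False):
    """Parse one OpenPGP-Key header laid out as in the message above."""
    # Unfold continuation lines (line break followed by whitespace).
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw.strip())
    name, sep, value = unfolded.partition(":")
    if not sep or name.strip().lower() != "openpgp-key":
        raise ValueError("not an OpenPGP-Key header")

    params = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        key, eq, val = part.partition("=")
        key = key.strip().lower()
        if not eq or key in params:
            raise ValueError(f"malformed or duplicate parameter: {part.strip()!r}")
        params[key] = val.strip()

    key_id = params.get("id", "")
    has_prefix = key_id[:2].lower() == "0x"
    hex_part = key_id[2:] if has_prefix else key_id
    if not re.fullmatch(r"[0-9A-Fa-f]+", hex_part) or len(hex_part) not in ID_KINDS:
        raise ValueError(f"id is not a key ID or fingerprint: {key_id!r}")
    kind = ID_KINDS[len(hex_part)]
    # Key IDs are not guaranteed unique; strict mode accepts fingerprints only.
    if require_fingerprint and kind != "fingerprint":
        raise ValueError(f"id is a {kind}; a full fingerprint is required")

    result = {"id": hex_part.upper(), "kind": kind, "has_0x_prefix": has_prefix}
    for field in ("algo", "size"):
        if field in params:
            if not re.fullmatch(r"[0-9]+", params[field]):
                raise ValueError(f"{field} must be a decimal number")
            result[field] = int(params[field])
    return result

# The header from the message, folded as it appears there.
SAMPLE = ("OpenPGP-Key: id=0x762A3B98A3C396C9C6B7582AB88D52E4D9F57808 ;\n"
          "\t\talgo=1 ; size=4096")

if __name__ == "__main__":
    print(parse_openpgp_key(SAMPLE, require_fingerprint=True))
```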

