[PATCH] Allow printing key digests in key edit

David Shaw dshaw at jabberwocky.com
Mon Jan 30 16:10:14 CET 2012


On Jan 30, 2012, at 8:36 AM, Christian Aistleitner wrote:

>> These are not defined by OpenPGP and thus I strongly advise against its
>> use.  SHA-1 is an integral part of OpenPGP; it doesn't help if you come
>> up with a different way of computing a fingerprint.
> 
> As written in the PS of my previous post [3], this patch is not to mangle
> with OpenPGP business. It is not an attempt to replace the OpenPGP
> fingerprint. It does not even touch any OpenPGP stuff within GnuPG.
> It's solely about letting GnuPG (not general OpenPGP) users experiment.

Experimentation is fine, but it is inappropriate to experiment in ways that affect core pieces of interoperability.  This would make GnuPG users essentially have two types of fingerprint - the standard OpenPGP one, and the new GnuPG-specific longer hash one.  When signing keys with people using other implementations (PGP being the big one here), we don't need the confusion of multiple strings to compare, only some of which are useful for a given implementation.

There will, no doubt, be a new fingerprint standard arriving someday.  It probably won't be soon, but when it does, it will be something decided on by the OpenPGP WG after discussion and input.  It's been discussed there before, and it's not a trivial task.

I don't mean that nobody should experiment, of course, but I do think that including such an experiment as a standard feature in GnuPG pushes it away from a mere experiment.

David



