usage flags for bitcoin addresses on OpenPGP keys [was: Re: human readable key algorithm]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jan 16 23:00:36 CET 2014
On 01/16/2014 12:33 PM, Werner Koch wrote:
> Adding notation data to the key or a newly defined keyflag would be
> useful to identify such a subkey. The question is whether we can deploy
> this before the BC bubble bursts.

I agree with the suggestion to use a notation. In fact, i'd rather not
see such a key marked as authentication-capable, because that would
imply that it should be used in other authentication contexts (like
SSH). I also don't think the key is really used in bitcoin in
authentication contexts -- aiui, in bitcoin, the wallet's key is only
used for signing an outbound transaction. this isn't an authentication
step, it's clearly a digital signature.

That said, it's not an OpenPGP digital signature, so maybe the
traditional signing flag doesn't make sense either. I certainly
wouldn't want attaching such a key to my OpenPGP certificate to make it
so that when i sent mail it signed my mail with my bitcoin wallet's key!

I note that gpg's notion of "capabilities" doesn't map directly to the
usage-flags subpacket anyway (since E maps to multiple usage flags, and
some defined usage flags aren't settable). I wonder if gpg should
expose a "bitcoin address" capability (within --expert mode) and set
such a subkey up as having no usage flags set, and a notation like:

    extended-usage@gnupg.org=bitcoin

in human-readable form, gpg could indicate this as "Usage: B"

what do y'all think?

--dkg
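
An added example, not part of the original message and not GnuPG code: it parses an RFC 4880 signature subpacket area, maps the key-flags octet to gpg-style capability letters (E covering both encryption flags), and shows "B" only for a subkey with no usage flags set that carries the notation proposed above. The "B" letter, the choice to withhold it when other flags are set, and all helper names are assumptions made for illustration; the byte strings are constructed test data.

```python
import struct

# Added illustration; helper names are hypothetical, inputs are constructed.
KEY_FLAGS, NOTATION = 27, 20          # RFC 4880 signature subpacket types
BTC_NOTATION = ("extended-usage@gnupg.org", "bitcoin")  # proposal from the message, not deployed
# gpg-style capability letters; E covers both encryption flags (0x04, 0x08)
LETTERS = [(0x01, "C"), (0x02, "S"), (0x04 | 0x08, "E"), (0x20, "A")]

def make_subpacket(sp_type, body):
    """Encode one subpacket (one-octet length form only, for test data)."""
    assert len(body) + 1 < 192
    return bytes([len(body) + 1, sp_type]) + body

def make_notation(name, value):
    n, v = name.encode(), value.encode()
    # First flag octet 0x80 marks the value as human-readable text.
    return make_subpacket(NOTATION, struct.pack(">4BHH", 0x80, 0, 0, 0, len(n), len(v)) + n + v)

def parse_subpackets(area):
    """Yield (type, body) for each subpacket in a hashed or unhashed area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask off the critical bit
        i += length

def usage_string(area):
    """Return usage letters; 'B' only for a flagless subkey carrying the notation."""
    flags, notations = 0, set()
    for sp_type, body in parse_subpackets(area):
        if sp_type == KEY_FLAGS and body:
            flags = body[0]
        elif sp_type == NOTATION and len(body) >= 8:
            nlen, vlen = struct.unpack(">HH", body[4:8])
            if 8 + nlen + vlen != len(body):
                raise ValueError("notation lengths do not match subpacket size")
            notations.add((body[8:8 + nlen].decode(), body[8 + nlen:].decode()))
    letters = "".join(letter for mask, letter in LETTERS if flags & mask)
    if BTC_NOTATION in notations and flags == 0:
        letters += "B"
    return letters
```

A subkey that has the notation but also a signing flag is reported as "S" without "B" here, so a consumer of this string never treats a mail-signing key as a wallet key or the reverse.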