Issuer Fingerprint (was: Vanity Keys)

Werner Koch wk at gnupg.org
Tue Jan 13 12:33:25 CET 2015


[Moving discussion to gnupg-devel]

On Tue, 13 Jan 2015 10:41, nicholas.cole at gmail.com said:

> Or a new revision of the standard, I suppose.  But I think that one or

A new key and signature packet version will take years to develop and
deploy.  Thus I think it is better to first do something within the
standard which will be backward compatible.

We currently use this subpacket:

  5.2.3.5.  Issuer

   (8-octet Key ID)

   The OpenPGP Key ID of the key issuing the signature.

A new optional subpacket:

5.2.3.27.  IssuerFingerprint

   (N-octet Key Fingerprint)

   The OpenPGP Fingerprint of the key issuing the signature.  For
   current versions of OpenPGP N has the value 20.  Future versions of
   OpenPGP may specify a different scheme for the fingerprint and thus
   another value for N.  Implementations should thus be prepared for
   other fingerprint lengths but honor this subpacket only if N is 20.

could be used to overcome duplicate key id problems.  The subpacket
type octet for that new subpacket would be 33.  Note that

  Adding a new Signature subpacket MUST be done through the IETF
  CONSENSUS method, as described in [RFC2434].

which takes quite some time.  Should be pursue this task or take a quick
solution by using notation data?

The size of a signature will increase by 22 or even more when using the
notation data approach.  This is noticeable but given that we are anyway
moving to the smaller ECC algorithms I think this is acceptable.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list