Why do Key Fingerprints include Creation Timestamp?
fuzzy_drawrings at protonmail.com
Wed Jan 31 03:35:57 CET 2018
Wouldn't it make more sense to hash only the public-key's MPI value(s)? That way if an implementation's code fails to generate a unique key-pair, it will be known because the fingerprint will be the same as some other key.
But as it is, with the Fingerprint hash including the timestamp, any "colliding" keys will have different fingerprints and so will go undetected.
Is there a good reason for it to be this way?
More information about the Gnupg-users