[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] about ECC and collisions
|
From: |
Daniel Kahn Gillmor |
|
Subject: |
Re: [Sks-devel] about ECC and collisions |
|
Date: |
Tue, 05 Apr 2011 11:07:03 -0400 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.15) Gecko/20110402 Icedove/3.1.9 |
On 04/05/2011 09:33 AM, Jean-Jacques Brucker wrote:
> I didn't know that fingerprint was calculated with a timestamp. Do you have
> any idea of the reason(s) to do that ?
You should read RFC 4880 (or just skim it and read the parts that most
interest you):
https://tools.ietf.org/html/rfc4880
and this kind of discussion is probably best had on the ietf openpgp WG
list, in which anyone can participate:
http://www.imc.org/ietf-openpgp/
My impression from thinking about the problem is that the creation
timestamp is actually a critical piece of information about a key. For
example, it constrains the range of possible valid timestamps for
signatures or certifications made by the key (you can't make a
certification before your key ever existed). Embedding such a
constraint in the fingerprint makes it tightly-bound to the key. (note:
i'm not saying this is a great argument, or that i think it's a good
idea; i'm undecided myself about the utility of putting the creation
timestamp in the fingerprint)
Some suggestions within the working group around possible new
fingerprint models have proposed fingerprinting only the public key
material itself, and not including the creation timestamp, so i think
there is room for discussion there.
Regards,
--dkg
signature.asc
Description: OpenPGP digital signature