On 09/10/2009 10:54 AM, Robert J. Hansen wrote:
> On Thu, 2009-09-10 at 14:02 +0200, Philippe Cerfon wrote:
>> I thought the key ID is only used for humans to short check the
>> keys,.. but not in the system itself?!
>
> Nope, it's pretty pervasive in the system.

Unless i misunderstand the context, I think I disagree with your characterization here, Robert.

The Key ID is a substring (either the last 8 or 16 hex chars) of the Key Fingerprint (which is 40 hex chars). The Key ID is used nowhere in the internals of the OpenPGP specification, from what i can tell.

The fingerprint itself is used only in the designated revocation key [0], which is an acknowledged weakness of the cryptosystem [1]. It's not used anywhere else that i can tell.

So I think Philippe Cerfon's characterization is pretty accurate, actually. The fingerprint (and to a weaker extent, the keyID) is useful where the mechanical implementation meets the human mind. But I don't think either are used internally to the OpenPGP cryptosystem in many places at all.

--dkg

[0] http://tools.ietf.org/html/rfc4880#section-5.2.3.15
[1] http://www.imc.org/ietf-openpgp/mail-archive/msg33257.html
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
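
The fingerprint and Key ID relationship described in the message above, as an added example that is not part of the original thread: it builds a version 4 RSA public-key packet body, computes the V4 fingerprint as RFC 4880 section 12.2 defines it, and takes the 16- and 8-hex-character Key IDs from its tail. The function names and the key values (a toy modulus, an arbitrary creation time) are assumptions made for illustration.

```python
import hashlib
import struct

def mpi(value):
    """OpenPGP MPI: 2-byte bit count, then the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_key_body(created, n, e):
    """Body of a version 4 RSA public-key packet (RFC 4880 section 5.5.2)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body):
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte body length, body."""
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()

def key_ids(fingerprint):
    """Return (long, short) Key IDs: the last 16 and last 8 hex characters."""
    return fingerprint[-16:], fingerprint[-8:]

def same_key(expected_fingerprint, body):
    """Match a key on the full 40-character fingerprint, not on a Key ID."""
    wanted = expected_fingerprint.replace(" ", "").upper()
    return len(wanted) == 40 and wanted == v4_fingerprint(body)

# Constructed sample values (toy modulus, not a usable key).
CREATED = 1252594440
N = (2**127 - 1) * (2**89 - 1)
E = 65537

BODY = v4_rsa_key_body(CREATED, N, E)
FPR = v4_fingerprint(BODY)
LONG_ID, SHORT_ID = key_ids(FPR)

if __name__ == "__main__":
    # Right-align the IDs so they line up under the fingerprint's tail.
    print("fingerprint :", FPR)
    print("long Key ID :", LONG_ID.rjust(40))
    print("short Key ID:", SHORT_ID.rjust(40))
```

Because the creation time is part of the hashed packet body, the same key material with a different timestamp yields a different fingerprint and therefore different Key IDs.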