Re: SPKI in OpenPGP format
Vinnie, I had already posted a combined format many months ago to these
lists. I called it "Pretty Simple PKI". Maybe I should post the draft
The PGP key itself serves as the subject. And I used the old literal to
end of packet (no length) to serve as the "()" element grouping. The
current name element is simply interpreted to be tag "(name <foo>)".
This construct would allow extension of current PGP so that you could
sign 2 or more user names in a group at once, rather than the current
one-at-a-time limitation, and incorporate SDSI names to be signed.
It should be easy to modify the current libraries to interpret the
elements, and translate between them, without any confusion with older
PGP formats (they would stop on the literal). I checked the sources,
everything looked OK.
I could not get agreement on the SPKI list that a binary form would be
the canonical form (very important for signing), and the textual form
would merely be a visual translation for human editing programs. A lot
of us have desired this, but no overwhelming consensus was achieved
(not enough to get Ellison to change).
Also, key lengths would need to be bit-length instead of byte-length
(very important for backward PGP element compatibility). Ellison
adamantly refused this point.
On the OpenPGP side, there seemed to be general agreement that the PGP 5
draft formats needed to be finished before worrying about extensions.
So, yes, it could be done easily and elegantly, but the parties lack the
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
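As an added illustration of the grouping idea described in the post (not the poster's draft, nor PGP library code): a small translator that reads old-format PGP packet headers, treats a header with length type 3 (no length field, runs to end of data) as the "(" group, and renders a User ID packet (tag 13) inside it as "(name <foo>)". The choice of tag 11 for the group header, the `(pgp <tag> <hex>)` rendering of other packets and the key bytes are constructed assumptions for the example.

```python
TAG_PUBKEY = 6      # old-format packet tags from RFC 1991 / RFC 2440
TAG_LITERAL = 11
TAG_USERID = 13

def old_packet(tag, body):
    """Old-format packet with a one-byte length (length type 0)."""
    assert len(body) < 256
    return bytes([0x80 | (tag << 2) | 0, len(body)]) + body

def group_open(tag=TAG_LITERAL):
    """Old-format header with length type 3: no length, runs to end of data.
    Assumption: this is the '(' that opens a group of elements."""
    return bytes([0x80 | (tag << 2) | 3])

def parse_old_header(data, pos):
    """Return (tag, length_type, body_start, body_len); body_len is None
    for an indeterminate-length (type 3) packet."""
    ctb = data[pos]
    if ctb & 0xC0 != 0x80:            # bit 7 set, bit 6 clear: old format
        raise ValueError("not an old-format packet header")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
    if ltype == 3:
        return tag, ltype, pos + 1, None
    nbytes = (1, 2, 4)[ltype]
    blen = int.from_bytes(data[pos + 1:pos + 1 + nbytes], "big")
    return tag, ltype, pos + 1 + nbytes, blen

def to_sexp(data):
    """Translate a packet stream into a list of textual S-expression
    elements. The indeterminate-length packet becomes a group that holds
    every remaining packet, which is where older PGP code would stop."""
    out, pos = [], 0
    while pos < len(data):
        tag, ltype, start, blen = parse_old_header(data, pos)
        if blen is None:
            out.append("(" + " ".join(to_sexp(data[start:])) + ")")
            break                     # the group consumed the rest
        body = data[start:start + blen]
        if tag == TAG_USERID:
            out.append("(name " + body.decode("utf-8") + ")")
        else:
            out.append("(pgp %d %s)" % (tag, body.hex()))
        pos = start + blen
    return out

def demo():
    """Constructed stream: a stand-in key packet, then a group of two names."""
    key = old_packet(TAG_PUBKEY, b"\x04KEYBYTES")
    names = group_open() + old_packet(TAG_USERID, b"alice@example.org") \
            + old_packet(TAG_USERID, b"Alice")
    return to_sexp(key + names)
```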