
Re: cert:fingerprint ?

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Tue, 22 Nov 2011 18:24:03 +0100
Message-ID: <CAKaEYhLBsqnzCK54tGkOR3n01NnK58RxMWH5w5OLAi-WN2stVQ@mail.gmail.com>
To: Mo McRoberts <mo.mcroberts@bbc.co.uk>
Cc: Kingsley Idehen <kidehen@openlinksw.com>, Henry Story <henry.story@bblfish.net>, WebID Incubator Group WG <public-xg-webid@w3.org>, foaf-protocols@lists.foaf-project.org

On 22 November 2011 18:12, Mo McRoberts <mo.mcroberts@bbc.co.uk> wrote:
>
> On 25 Oct 2011, at 19:53, Kingsley Idehen wrote:
>
>> On 10/25/11 12:38 PM, Henry Story wrote:
>>> On 25 Oct 2011, at 18:33, Kingsley Idehen wrote:
>>>
>>>> Henry,
>>>>
>>>> Since we have cert:key, what about cert:fingerprint?
>>> How would you define it?
>>
>> Good question since WOT [1] and these newer Key oriented ontologies aren't aligned. In addition, WOT is conflating public key and x.509 certificate. The fingerprint I am talking about is a hash (md4, md5, sha, sha256, sha512) of the entire x.509 Cert.
>
> WoT's definition of 'fingerprint' is horribly underspecced — it really needs to specify (even if just by reference!) how the fingerprint is computed: otherwise, how can you ever perform a reliable comparison?
>
> For reference, a fingerprint which is included in an X.509 cert (e.g., is often used as subjectKeyIdentifier or authorityKeyIdentifier, and presented in many user interfaces) is actually the fingerprint of the DER-encoded public key data and *not* the rest of the cert.
>
> PGP does things slightly differently, but not significantly so (from RFC4880 §12.2):
>
> “For a V3 key, the eight-octet Key ID consists of the low 64 bits of the public modulus of the RSA key.
>
> “The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5.  Note that both V3 keys and MD5 are deprecated.
>
> “A V4 fingerprint is the 160-bit SHA-1 hash of the octet 0x99, followed by the two-octet packet length, followed by the entire Public-Key packet starting with the version field.  The Key ID is the low-order 64 bits of the fingerprint.”
>
> Note that in neither case does the fingerprint contain any User ID packets (which are combined with the public key packet(s) to constitute a full “PGP Certificate” — the closest equivalent of an X.509 Certificate).

Great info thanks!

What's cool about fingerprint is the simplicity.

<#me>  :fingerprint  "AB..."

That's all you need to do.

As Kingsley has shown, you can embed it in a WordPress blog, Facebook,
Google Plus, Twitter etc.

>
> M.
>
> --
> Mo McRoberts - Technical Lead - The Space,
> 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
> Project Office: Room 7083, BBC Television Centre, London W12 7RJ
>
Received on Tuesday, 22 November 2011 17:24:35 GMT
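
The RFC 4880 §12.2 rules quoted in the message above, worked through as an added example (not code from any poster on this thread or from the WebID group). The modulus, exponent and creation times are constructed values, not a real key, and the function names are this example's own.

```python
import hashlib
import struct

# Constructed sample values (not a real key): a 505-bit "modulus" and e = 65537.
N = int.from_bytes(bytes(range(1, 65)), "big")
E = 65537

def mpi_body(x: int) -> bytes:
    """Big-endian magnitude of an MPI, without its two-octet length prefix."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def mpi(x: int) -> bytes:
    """Full RFC 4880 MPI: two-octet bit count followed by the magnitude."""
    return struct.pack(">H", x.bit_length()) + mpi_body(x)

def v4_packet_body(created: int, n: int, e: int) -> bytes:
    """V4 RSA Public-Key packet body: version, creation time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> bytes:
    """SHA-1 of 0x99, the two-octet packet length, then the whole packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def v4_key_id(body: bytes) -> bytes:
    """Low-order 64 bits of the V4 fingerprint."""
    return v4_fingerprint(body)[-8:]

def v3_fingerprint(n: int, e: int) -> bytes:
    """MD5 of the MPI bodies of n then e (deprecated; shown for comparison)."""
    return hashlib.md5(mpi_body(n) + mpi_body(e)).digest()

def v3_key_id(n: int) -> bytes:
    """Low 64 bits of the RSA public modulus."""
    return (n & (2**64 - 1)).to_bytes(8, "big")

if __name__ == "__main__":
    a = v4_packet_body(1321982643, N, E)   # constructed creation times
    b = v4_packet_body(1321982644, N, E)
    print("V4 fpr (t)  :", v4_fingerprint(a).hex().upper())
    print("V4 fpr (t+1):", v4_fingerprint(b).hex().upper())
    print("V4 key id   :", v4_key_id(a).hex().upper())
    print("V3 fpr      :", v3_fingerprint(N, E).hex().upper())
    print("V3 key id   :", v3_key_id(N).hex().upper())
```

The same key material yields a V3 fingerprint plus two V4 fingerprints that differ only because the creation time is part of the hashed packet, so a comparison is only reliable when both sides name the computation rule.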
