PGP Authentication for RIPE Database Updates

RFC 2726      PGP Authentication for RIPE Database Updates December 1999


   key-cert: Is of the form PGPKEY-hhhhhhhh, where hhhhhhhh stands for
      the hex representation of the four-byte ID of the PGP key.
      The key certificate detailed in the certif attribute belongs to
      the PGP key with the id hhhhhhhh. The reason for having PGPKEY- as
      a prefix is to allow for other types of key certificates at a
      later date, and at the same time to be able to clearly
      differentiate at query time between a person query and a key
      certificate query.  At the time of the creation/modification of
      the key-cert object, the database software checks whether the key
      certificate in the certif attribute indeed belongs to the PGP id
      specified here. The creation/modification is authorized only upon
      the match of these two ids.

   method:  Line containing the name of the digital signature method.
      The present certificate belongs to a key for digitally signing
      messages using the specified method.  The method attribute is generated automatically
      by the database software upon creation of the key-cert object.
      Any method attribute present in the object at the time of the
      submission for creation is ignored.  The method has to be
      consistent with both the prefix of the id in the key-cert
      attribute and with the certificate contained in the certif
      attributes. If these latter two (i.e. prefix and certificate) are
      not consistent, the key-cert object creation is refused. For the
      PGP method this will be the string "PGP" (without the quotes).

   owner:  Line containing a description of the owner of the key.  For a
      PGP key, the owners are the user ids associated with the key.  For
      each user id present in the key certificate, an owner attribute is
      generated automatically by the database software upon creation of
      the key-cert object.  Any owner attribute present in the object at
      the time of the submission for creation is ignored.

   fingerpr:  A given number of hex encoded bytes, separated for better
      readability by spaces.  It represents the fingerprint of the key
      associated with the present certificate.  This is also a field
      generated upon creation of the object instance.  Any fingerpr
      attribute submitted to the robot is ignored.  The reason for
      having this attribute (and the owner attribute) is to allow for an
      easy check of the key certificate upon a query of the database.
      The querier gets the owner and fingerprint information without
      having to add the certificate to his/her own public keyring.
      Also, since these two attributes are _generated_ by the database
      software from the certificate, one can trust them (as much as one
      can trust the database itself).
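
   The checks described above, as an added example that is not code from
   this RFC or from the RIPE database software: the key-cert id must match
   the key id found in the certificate, and method, owner and fingerpr are
   generated from the certificate rather than taken from the submission.
   The script parses an ASCII-armoured OpenPGP public key block with the
   Python standard library and handles v4 keys only (SHA-1 fingerprint, key
   id = low 32 bits of the fingerprint); v3 keys are refused.  The sample
   certificate is constructed inline (arbitrary modulus, not a real keypair)
   so that the script runs offline, and the column layout of the generated
   attributes is this example's own, not the RIPE database format.

```python
# Added example, not part of RFC 2726 or the RIPE database software.
# Parses an ASCII-armoured OpenPGP public key block (the certif contents),
# derives the v4 fingerprint, the four-byte key id and the user ids, and
# generates the key-cert object attributes described in the text, refusing
# the object when the PGPKEY- id does not match the certificate.
import base64
import hashlib
import re

def armor_crc24(data: bytes) -> int:
    """CRC-24 used for the OpenPGP armour checksum (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    """Decode the base64 body between the armour lines and verify the CRC."""
    body, crc, in_body = [], None, False
    for line in text.strip().splitlines()[1:]:   # skip the BEGIN line
        if line.startswith("-----END"):
            break
        if not in_body:                          # armour headers end at a blank line
            in_body = line.strip() == ""
        elif line.startswith("="):               # "=XXXX" is the CRC line
            crc = int.from_bytes(base64.b64decode(line[1:]), "big")
        else:
            body.append(line)
    data = base64.b64decode("".join(body))
    if crc is not None and armor_crc24(data) != crc:
        raise ValueError("armour CRC mismatch")
    return data

def iter_packets(data: bytes):
    """Yield (tag, body) for old- and new-format packet headers (RFC 4880 4.2)."""
    i = 0
    while i < len(data):
        ctb = data[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("bad packet header")
        if ctb & 0x40:                           # new-format header
            tag, first = ctb & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                    # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            length = int.from_bytes(data[i:i + (1 << ltype)], "big")
            i += 1 << ltype
        yield tag, data[i:i + length]
        i += length

def key_info(armored: str) -> dict:
    """Fingerprint, four-byte key id and user ids of the primary key."""
    pub, uids = None, []
    for tag, body in iter_packets(dearmor(armored)):
        if tag == 6 and pub is None:             # public-key packet (primary key)
            pub = body
        elif tag == 13:                          # user-id packet -> owner attribute
            uids.append(body.decode("utf-8"))
    if pub is None or pub[0] != 4:
        raise ValueError("need a v4 public-key packet")
    # v4 fingerprint: SHA-1 over 0x99, two-byte length, packet body (RFC 4880 12.2);
    # the short key id used in PGPKEY-hhhhhhhh is its low 32 bits.
    fpr = hashlib.sha1(b"\x99" + len(pub).to_bytes(2, "big") + pub).digest()
    return {"fingerprint": fpr, "key_id": fpr[-4:].hex().upper(), "owners": uids}

def build_key_cert(requested_id: str, certif: str) -> list:
    """Generate key-cert, method, owner and fingerpr; refuse on id mismatch."""
    m = re.fullmatch(r"PGPKEY-([0-9A-Fa-f]{8})", requested_id)
    if not m:
        raise ValueError("key-cert must be of the form PGPKEY-hhhhhhhh")
    info = key_info(certif)
    if m.group(1).upper() != info["key_id"]:
        raise ValueError("certificate belongs to %s, not %s" % (info["key_id"], requested_id))
    obj = ["key-cert: PGPKEY-" + info["key_id"], "method:   PGP"]
    obj += ["owner:    " + uid for uid in info["owners"]]
    obj.append("fingerpr: " + " ".join("%02X" % b for b in info["fingerprint"]))
    obj += ["certif:   " + line for line in certif.strip().splitlines()]
    return obj

# --- constructed sample certificate: the modulus is arbitrary bits, not a real key ---
def _mpi(n: int) -> bytes:
    return n.bit_length().to_bytes(2, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big")

def _old_packet(tag: int, body: bytes) -> bytes:
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body

def armor(data: bytes) -> str:
    """Wrap raw packets in ASCII armour with a CRC-24 trailer."""
    b64 = base64.b64encode(data).decode()
    crc = base64.b64encode(armor_crc24(data).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: constructed-example\n\n"
            + "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
            + "\n=" + crc + "\n-----END PGP PUBLIC KEY BLOCK-----\n")

_FAKE_N = int.from_bytes(hashlib.sha512(b"rfc2726-example").digest() * 2, "big") | 1 << 1023 | 1
SAMPLE_RAW = (_old_packet(6, b"\x04" + (944006400).to_bytes(4, "big") + b"\x01" + _mpi(_FAKE_N) + _mpi(65537))
              + _old_packet(13, b"Example Maintainer <maint@example.net>")
              + _old_packet(13, b"Example Maintainer (work) <maint@example.org>"))
SAMPLE_KEY = armor(SAMPLE_RAW)

if __name__ == "__main__":
    print("\n".join(build_key_cert("PGPKEY-" + key_info(SAMPLE_KEY)["key_id"], SAMPLE_KEY)))
```

   Submitting the object with any other PGPKEY- id, or with a v3 key,
   raises ValueError, which is the refusal the text describes; the owner
   and fingerpr lines are always recomputed from the certificate, so a
   querier can rely on them exactly as far as the database itself is
   trusted.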






Zsako                       Standards Track