PGP Authentication for RIPE Database Updates
RFC 2726 PGP Authentication for RIPE Database Updates December 1999
key-cert: Is of the form PGPKEY-hhhhhhhh, where hhhhhhhh stands for
the hex representation of the four-byte ID of the PGP key.
The key certificate detailed in the certif attribute belongs to
the PGP key with the id hhhhhhhh. The reason for having PGPKEY- as
a prefix is to allow for other types of key certificates at a
later date, and at the same time to be able to clearly
differentiate at query time between a person query and a key
certificate query. At the time of the creation/modification of
the key-cert object, the database software checks whether the key
certificate in the certif attribute indeed belongs to the PGP id
specified here. The creation/modification is authorized only upon
the match of these two ids.
method: Line containing the name of the signing method. This is the
name of the digital signature method. The present certificate
belongs to a key for digitally signing messages using the
specified method. The method attribute is generated automatically
by the database software upon creation of the key-cert object.
Any method attribute present in the object at the time of the
submission for creation is ignored. The method has to be
consistent with both the prefix of the id in the key-cert
attribute and with the certificate contained in the certif
attributes. If these latter two (i.e. prefix and certificate) are
not consistent, the key-cert object creation is refused. For the
PGP method this will be the string "PGP" (without the quotes).
owner: Line containing a description of the owner of the key. For a
PGP key, the owners are the user ids associated with the key. For
each user id present in the key certificate, an owner attribute is
generated automatically by the database software upon creation of
the key-cert object. Any owner attribute present in the object at
the time of the submission for creation is ignored.
fingerpr: A given number of hex encoded bytes, separated for better
readability by spaces. It represents the fingerprint of the key
associated with the present certificate. This is also a field
generated upon creation of the object instance. Any fingerpr
attribute submitted to the robot is ignored. The reason for
having this attribute (and the owner attribute) is to allow for an
easy check of the key certificate upon a query of the database.
The querier gets the owner and fingerprint information without
having to add the certificate to his/her own public keyring.
Also, since these two attributes are _generated_ by the database
software from the certificate, one can trust them (as much as one
can trust the database itself).
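The attribute rules above (method, owner and fingerpr regenerated from the
certificate, the key-cert id checked against the key, creation refused on a
mismatch) can be exercised end to end. The following is an added example, not
code from the RFC or from the RIPE database software. It assumes an OpenPGP v4
public key (RFC 4880: fingerprint = SHA-1 over 0x99, two-length octets and the
key packet body; the four-byte key ID is the low 32 bits of that fingerprint),
which postdates the PGP 2.x key format this RFC was written against. The sample
key block is constructed inline from a toy modulus and is not a real key; the
fingerpr layout (one hex byte per group, space separated) is one reading of the
text, not a RIPE-specified format.

```python
"""Derive RIPE key-cert attributes from an ASCII-armored OpenPGP v4 public key
and apply the RFC 2726 creation check (added example, not RIPE code)."""
import base64
import hashlib


def crc24(data):
    """OpenPGP armor checksum (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for b in data:
        crc ^= b << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(armored):
    """Strip ASCII armor, verify the trailing CRC24, return the raw packets."""
    lines = armored.strip().splitlines()
    if not lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK-----"):
        raise ValueError("not a PGP public key block")
    i = 1
    while i < len(lines) and lines[i].strip():      # skip armor headers
        i += 1
    body, claimed = [], None
    for line in lines[i + 1:]:
        if line.startswith("-----END"):
            break
        if line.startswith("="):                     # "=" + base64(CRC24)
            claimed = int.from_bytes(base64.b64decode(line[1:]), "big")
        else:
            body.append(line.strip())
    data = base64.b64decode("".join(body))
    if claimed is not None and crc24(data) != claimed:
        raise ValueError("armor CRC mismatch")
    return data


def iter_packets(data):
    """Yield (tag, body) for old- and new-format packet headers (RFC 4880 4.2)."""
    i = 0
    while i < len(data):
        ctb = data[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("bad packet tag byte")
        if ctb & 0x40:                               # new format
            tag, first = ctb & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                        # old format
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 3
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype                           # 1, 2 or 4 length octets
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        yield tag, data[i:i + length]
        i += length


def key_cert_from_armor(armored):
    """Generate the attributes the database software derives from certif."""
    packets = list(iter_packets(dearmor(armored)))
    tag, body = packets[0]
    if tag != 6 or body[0] != 4:
        raise ValueError("expected a v4 public-key packet first")
    fpr = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()
    owners = [b.decode("utf-8") for t, b in packets if t == 13]   # user ID packets
    return {
        "key-cert": "PGPKEY-" + fpr[-8:],            # four-byte key ID
        "method": "PGP",
        "owner": owners,
        "fingerpr": " ".join(fpr[k:k + 2] for k in range(0, 40, 2)),
    }


def check_submission(submitted):
    """RFC 2726 creation rule: submitted method/owner/fingerpr are ignored and
    regenerated; creation is refused unless the key-cert id matches the key."""
    generated = key_cert_from_armor(submitted["certif"])
    if submitted["key-cert"].upper() != generated["key-cert"]:
        return False, None
    return True, {**submitted, **generated}


# --- constructed sample key (toy modulus, NOT a real key) ---------------------
def _mpi(x):
    return x.bit_length().to_bytes(2, "big") + x.to_bytes((x.bit_length() + 7) // 8, "big")


def _packet(tag, body):                              # old-format, 2-octet length
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body


def _armor(data):
    b64 = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", "Version: constructed example", ""]
                     + [b64[k:k + 64] for k in range(0, len(b64), 64)]
                     + ["=" + crc, "-----END PGP PUBLIC KEY BLOCK-----"])


_KEY_BODY = (b"\x04" + (0x386D4380).to_bytes(4, "big") + b"\x01"      # v4, time, RSA
             + _mpi(int("C0FFEE" * 43 + "01", 16)) + _mpi(65537))
SAMPLE_USER_IDS = ["Alice Example <alice@example.net>", "Alice Example <alice@ripe.example>"]
SAMPLE_ARMOR = _armor(_packet(6, _KEY_BODY) + b"".join(_packet(13, u.encode()) for u in SAMPLE_USER_IDS))

if __name__ == "__main__":
    for k, v in key_cert_from_armor(SAMPLE_ARMOR).items():
        print(f"{k}: {v}")
```

Calling `check_submission` with the right `key-cert` id but a forged `owner` or
`method` returns the object with those attributes overwritten by the generated
ones; an id that does not match the certificate is refused outright, which is
the property the querier relies on when trusting owner and fingerpr from the
database instead of importing the certificate.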
Zsako Standards Track