Wouldn't it make more sense to hash only the public-key's MPI value(s)? That 
way if an implementation's code fails to generate a unique key-pair, it will be 
known because the fingerprint will be the same as some other key.

But as it is, with the Fingerprint hash including the timestamp, any 
"colliding" keys will have different fingerprints and so will go undetected.

Is there a good reason for it to be this way?

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
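
The fingerprint computation the question refers to, as an added example that is not part of the original post: it assumes version 4 RSA keys as laid out in RFC 4880, where the SHA-1 input covers the creation time as well as the MPIs. `material_digest`, `find_duplicate_material` and the toy moduli are hypothetical names and constructed values, not GnuPG code or real keys.

```python
import hashlib
import struct

RSA = 1  # public-key algorithm ID for RSA in RFC 4880

def mpi(value):
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_key_body(created, n, e):
    """V4 public-key packet body: version, creation time, algorithm, MPIs."""
    return bytes([4]) + struct.pack(">I", created) + bytes([RSA]) + mpi(n) + mpi(e)

def v4_fingerprint(created, n, e):
    """SHA-1 over 0x99, the two-octet body length, then the packet body."""
    body = v4_key_body(created, n, e)
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def material_digest(n, e):
    """Hypothetical check: digest of the MPIs only, timestamp excluded."""
    return hashlib.sha256(mpi(n) + mpi(e)).hexdigest()

def find_duplicate_material(keys):
    """Return lists of fingerprints whose keys share identical MPIs."""
    groups = {}
    for created, n, e in keys:
        groups.setdefault(material_digest(n, e), []).append(
            v4_fingerprint(created, n, e))
    return [fprs for fprs in groups.values() if len(fprs) > 1]

# Constructed sample input: toy integers standing in for RSA moduli.
N_A = 0xC5A19F3B7D02E6F1
N_B = 0x9B440D7E51C3A82F
E = 65537
SAMPLE_KEYS = [
    (1300000000, N_A, E),  # same key material as the next entry ...
    (1400000000, N_A, E),  # ... but a different creation time
    (1300000000, N_B, E),
]

if __name__ == "__main__":
    for created, n, e in SAMPLE_KEYS:
        print(created, v4_fingerprint(created, n, e))
    print("shared key material:", find_duplicate_material(SAMPLE_KEYS))
```

The first two sample keys get different fingerprints even though their MPIs are identical; only the MPI-only digest groups them together.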
