-----BEGIN PGP SIGNED MESSAGE-----
On Jan 23, 2007, at 4:21 PM, Jim Fenton wrote:
I generally agree with "RFC only", but haven't thought about all
eight of the registries that -base asks to have created. It's not
clear that we want to do this with all of them. For example, we
might want to set a higher bar for the signature or hash algorithm
than for creation of a new signature tag.
To be something of a devil's advocate on this, why? A nice property
of signatures is that there is pressure on the verifier either to
create them maximally interoperably, or accept that some people won't
be able to verify them.
As a verifier, if I start seeing signatures with a hash that I don't
speak (or think is not secure), I just consider the message to be
unsigned or bogusly signed. No problem.
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.5.2
-----END PGP SIGNATURE-----
NOTE WELL: This list operates according to