Tom Zerucha writes:
On Wed, 21 Apr 1999, Jon Callas wrote:
My apologies for not jumping in here sooner.
The consensus that I've seen is against overloading message integrity on
signature packets. We also discussed it in Orlando, and there was great
consensus against it there. I confess that personally, I also question the
wisdom of separating them. Especially if it requires a shared key.
Or a well defined "anonymous" sign-only key, which is what I think Adam
Back was proposing.
Yes that was a third proposal, which has the advantage over the other
two that it works with out changing old software, and new software
could be setup to regonize the defined keys, and display different
messages on that basis.
I also like Tom's suggestion of using algorithm ID 0 for signature.
Adds conotations of "no signature algorithm". Nice. Why don't you
try implementing that in your PGP implementation Tom? It should come
out as fewer lines, and simpler code than the other method. You
should be able to post the patch (export control wise) because it is
There is a potential problem with shared key, we would need to be
absolutely sure that people did not erroneously include certificates
made by it in the WoT calculation.
Distributing it with trust parameter of 0 might work. It would need
to be looked at further wrt the major implementations behaviour.