Thomas Roessler <roessler(_at_)guug(_dot_)de> writes:
The specification is a bit ambiguous about "notation data" signature
subpackets marked as "critical".
I don't think so: If an implementation encounters notation data with
critical bit set and it completely understands the semantics of this
notation data, it can verify the signature.
To understand this notation data the implementaion might also want to
consult the policy URL to distinguish between different semantics.
The critical bit does not say anthing about how to handle this
subpacket; the implemenation is only required to understand that this
is critical and there is no required action defined for any
subpackets. I don't think this is within the scope of OpenPGP.
Definitions of the trust modell and the classes of signatures are
are on purpose very loose.
extensions to RFC 2440 which have to put critical information into
signatures define sub-packets of their own, or should they use
We should avoid to use private sub-packets when there is another way
to do the task.
Werner Koch at guug.de www.gnupg.org keyid 621CC013