ietf-openpgp
[Top] [All Lists]

Re: Secure receipts

1997-10-16 15:40:14
G'day.

Ian Brown wrote:

Something which has been mentioned over the last few days, which I also
think would be enormously useful, is the possibility to do secure
message receipts.

I also think this is an excellent idea.  There are a few ways to do it.
Your way (to make a new packet) isn't bad, but then we're going to be
using signatures for a lot more in the future (e.g. machine-checkable
timestamping and authentication come to mind, but I'm sure there will be
more uses that hasn't occurred to us), so a more extensible solution is
better IMO.

A simple implementation which needn't affect the Open-PGP format beyond
perhaps one flag is to come up with a standard certificate format which
can be decoded by the appropriate software, which is then signed using
normal PGP document signing (perhaps flagged as "this is a certficate"
with an appropriate modification to the message hash, but that's not
strictly necessary --- anyone reading the signed document will see that
it is a certificate).  Some simple format such as:

        - Some ASCII data describing the kind of certificate in a
          machine-parsable form with an appropriate human-readable
          version.

        - An appropriately quoted version of the original document.

In fact, I would suggest this implementation _because_ it doesn't
affect the OpenPGP format very much.

Does this sound feasible/desirable? If so, maybe this could go in the
second draft? I know we want to get the standard out ASAP, but this is
quite a simple and isolated proposal which shouldn't be too difficult to
add in...

Definitely wait until the second draft, yes.

Cheers,
Andrew Bromage

<Prev in Thread] Current Thread [Next in Thread>