-----BEGIN PGP SIGNED MESSAGE-----
Lutz Donnerhacke wrote:
* Ian Grigg wrote:
In the current understanding of the community, the only plausible
alternative is to simply omit all mention of the CMRK subpacket from the
standard.
No. It is possible to document is and point out the security consequences in
chapter 'Security Considerations'.
Yes, I jumped a few steps there hastly. It is certainly possible to
document it. I was suggesting that within the ambit of the IETF, it
will be impractical of us to do so.
To put this in context, Adam has found explanation difficult enough such
that writing a formal paper is the best way to explain his case. Some
500 posts on this subject have occured (that I recorded) in the last two
or three weeks. (PGP Inc has actively presented their viewpoint in
these posts.)
Lack of material is not a problem, but finding an unbiased reporter is a
problem, and presenting a rational case that is both complete, unbiased
and brief seems just too much to ask. Practically, I think we need to
sacrifice a statement on this issue, because it will be too costly in
terms of time and contributor energy to produce.
- --
iang systemics.com
FP: 1189 4417 F202 5DBD 5DF3 4FCD 3685 FDDE on pgp.com
-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.21
iQCVAgUANFdHIZUdDk1bRs+FAQE7uQP+Nf6RfHJcXdnJs7+BMU4rc5Fqml+c1Ohi
j7VAqZlGWUTv1wTUENkWKq7bYqRxtUP8VCGjjNlsmuYBKQhH8UjhcnG/EOIEyig/
6xJb5ELCHIHCBWTh9dfjSMf0PXcImtnrSlCmpY3bLVn8HE9AOzazY2GQu0NWDaw/
zx82uJEeij0=
=AExd
-----END PGP SIGNATURE-----