At 08:04 AM 11/5/97 -0800, mark(_at_)unicorn(_dot_)com wrote:
This is precisely the point we're making. If CMR goes into the Open
PGP spec then this will happen *automatically* with any compliant
application which receives a GMR key from abroad.
How do you know?
From my very first post on the subject to the OP list on CMR, I said that I
opposed what you're suggesting above. If CMR were mandatory, PGP products
would not comply, because it isn't mandatory in any PGP product.
I have no great problem with defining the neccesary flags and tags
as 'implementation defined' so that non-CMR applications won't barf
when they see them, but I certainly do not want to have to build
snoopware into my applications in order to comply with the standard.
This is *PRECISELY* what my original suggestion was. I think this is why
some people talk about "fear mongering." No one has ever suggested anything
by just defining the tags, and leaving treatment up to the application,
except the fear mongers.
Jon Callas jon(_at_)pgp(_dot_)com
Chief Scientist 555 Twin Dolphin Drive
Pretty Good Privacy, Inc. Suite 570
(415) 596-1960 Redwood Shores, CA 94065
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)