Ian Grigg <iang(_at_)systemics(_dot_)com> writes:
[about ARR/CMR]
That leaves us with the fourth option. Say nothing and do not document
it.
This of course will be problematic for programmers, as they test their
code against 5.x, and discover the strange packets.
This problem highlights the usefulness of the extension mechanism Jon
Callas described briefly. If PGP implements controversial extensions
as extensions, the compatibility problem vanishes -- implementations
which don't have the extension coded already have a defined way to
safely ignore it.
I don't however see this as a problem, as there is little to stop
PGP Inc from publishing a separate document which can become known.
As the programmers are coding up the pgp code, and as this feature
is only used by PGP Inc code, they know where to ask.
I'd sooner discourage them also from using the CMR feature at all, due
to the security risks, and negative political aspects. However, if
they insist, it's their reputation, but I would think a good way to
implement it would be to implement it using the extension mechanism.
Or, we can simply say nothing and leave the feature as a new, untried
idea by one commercial venture in the marketplace for Open PGP product.
Absolutely. Also they should implement it within the extension
frameworks so that they do not introduce compatibility problems.
Adam