It seems to me that the debate over CMR and it's more secure
alternatives could easily be deferred to OpenPGPv2 with no
The way that CMR/ARR field is encoded in the draft is that it is a
signature subpacket type. Signature subpacket types are extensible;
that is an implementation already has a defined method to safely
ignore subpackets it does not understand. This means that no one will
experience compatibility problems if the experimental CMR subpacket is
only implemented by PGP Inc.
Avoiding, or deferring the political debate seems like it would be a
good idea for a number of reasons:
- it would allow us to focus on getting OpenPGPv1 out in a timely
- it would allow more time for PGP Inc to get feed-back on this
controversial experimental feature from their customers as to how
CMR performs functionally in practice (I am expecting there will
be complaints about the lack of ergonomic recovery from forgotten
passphrases -- all files have to be re-encrypted), how the security
of the system holds up (how well companies are managing very
sensitive CMR master keys), and to gauge customers acceptance of the
- it will give time for more secure competing proposals (such as local
escrow) to be developed for recovery from forgotten passphrases.
The consolidation phase would then be in OpenPGPv2 where the better
solution would be chosen in OpenPGPv2 for standardisation.