At 06:55 3/10/98 , Lutz Donnerhacke wrote:
* Hal Finney wrote:
This is a proposal for a new packet type, the "attribute packet,"
So simply use the URL subpacket of the signature page
or define an new one. But *do* *not* bind it to the key!
I'm not sure this addresses the use Hal had in mind. An implication of
allowing an attribute packet "wherever a userid packet may be" is that it
can be signed by another party. I imagine the UI he has in mind would
allow this other party to add the attribute, rather than (or, "in addition
to") the key owner doing so. The end goal is (I think) the ability to
express the meaning of your signature ... "I certify this key for business
purposes, but I wouldn't trust this blighter with the personal secrets of a
snail."
You might do this with additional UserIDs, but only if you allow them to be
added by non-owners (a capability recently retracted by PGPInc
implementations); you also would have some conflict over whether to match
values in the attributes when searching for a key.
At least, I think that's the sort of thing he was getting at. Perhaps a
bit more info about intended use, and structure of the packet to support
it, would be in order.
///// Informix Software Inc. Jack Repenning
////\ / Config/Release Mgmt jackr(_at_)informix(_dot_)com
///// / 4100 Bohannon Drive M/S: 4100/2
///// / Menlo Park, CA 94025 FAX: 650/926-6571
///// / PAGE: 800/782-9089 VOICE: 650/926-1044
///// / PGP/RSA: D24B E2C2 9AFB 7C24 : 7E59 7885 525D 644E
///// PGP/DSS: 955C 44AD 8FCE 77D4 9494 : 4AB2 51F1 3EED 3B82 E870