It's been submitted.
There have been a flurry of changes, which I'll give a synopsis of. There
are also a number of remaining issues.
I've not done a lot with the algorithm issues. I added in more references
for Elgmal as per Hal and Tim Dierk's suggestions, but settling out those
are one of the major issues left before we can go to final call.
Fortunately, this isn't really a major issue. But I bring it up here, as I
think it needs discussion. I am planning to add a new section to the next
revision on algorithm issues, and we can therein discuss details of any
algorithm.
There are a few feature requests worth considering. In Washington and on
the list, we briefly discussed both non-text user ids, and user-id
revocations. I think that each is a good idea, and worth having in OpenPGP
V1.0. I think we just need to hammer out what the syntax is, and then they
can go in.
Here's a synopsis of changes, not guaranteed to be complete:
String-to-Keys
* In Washington, the consensus was that the iterated-salted S2K should be
either a MUST or eliminated (I suggested that we could make it be a MAY).
There was also a consensus that objections to it would go away if the 8-bit
floating point format were replaced by a 32-bit integer. The creators of
the feature argued convincingly that it is a useful thing for cutting down
on dictionary attacks, by raising the cost of computing an S2K to something
large. So I reserved the old tag (0x03) as obsolete, and modified the
definition to have a new tag and use a 32-bit integer.
Armor, cleartext signatures, etc.
* There are now two sections describing them, in the back of the document.
* There is a sample implementation in C of armor's CRC-24
Signatures, etc.
* The ARR subpacket is gone, replaced by placeholder.
* There are several new subpacket types: primary user id, policy URL, key
flags, and signer's user id. A formatting error at the top of page 15 makes
it easy to miss the latter two. I've already fixed this in the source, and
will get better formatting tools even if I have to write them myself.
* There is a new description of the critical flag.
* Signature types 0x11-0x13 are back in. These are persona, casual, and
positive certification signatures. In Washington, consensus was that if no
one was using them, they should go. RFC1991 and informal surveys said they
weren't being used, but I have been notified that they used in Europe. It
is possible that there are still some places in the document that say
there's only one type of certification, 0x10. If you find one, let me know
and I'll fix it.
* There is a new signature type, 0x1f. A number of people have observed
that preference and attribute subpackets end up in certification sigs, and
thus applying to a user id, rather than to the key proper. This new
signature type allows a certifier or keyholder to make statements about the
entire key.
* There is a new section describing how to form signatures.
Comment packets
* They are gone, as per discussion in Washington. I think that nearly all
reasonable uses of them can be implemented using standalone sigs and
notations.
Regular expressions
* There is a new section giving their syntax. This section is taken from
the "nearly public domain" implementation. See the document for details.
-----
Jon Callas jon(_at_)pgp(_dot_)com
CTO, Total Network Security 4200 Bohannon Drive
Network Associates, Inc. Menlo Park, CA 94025
(650) 473-2860
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)