At 11:08 AM 3/20/98 +0100, Christopher Creutzig wrote:
In that case, all comments which may be necessary e.g. in the context of
CAs (there's a whole bunch of them, e.g. 'may sign for company XY', 'member
of CA UVW' or 'ID checked via postal agency' (possible in Germany)) would
need to go into the User-ID itself. That may not be feasible. While your
point is well taken, there are also meaningful comments for which a comment
field in the signature packet would be a highly sensible place.
Such a field does exist in the OpenPGP spec. Take a look at the "notation"
subpacket, which is designed both for signature extensions, and for
comments on signatures. There's a flag on the packet to let you mark it as
human-readable.
Jon
-----
Jon Callas jon(_at_)pgp(_dot_)com
CTO, Total Network Security 4200 Bohannon Drive
Network Associates, Inc. Menlo Park, CA 94025
(650) 473-2860
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)