One pass signature packets contain a keyid, but there is no MUST to
require the keyid within the signature packet itself (that I can find,
i.e. in the subpacket definitions).
I would add MUST include a keyid subpacket (unhashed, MAY hash), and
SHOULD include the creation time in the hashed area, which would
correspond to what V3 signatures provide.
Otherwise there MUST be a 1 pass signature packet, and this would require
all implementations to prestore the keyid.
--- reply to tzeruch - at - ceddec - dot - com ---