Jon writes:
It's too late to get MDCs into OpenPGP 1.0. We're in last call, and as good
as an idea it is, it's too late. I'm going to have the really, really final
one out this afternoon (I'm editing it in another window).
I didn't suggest that MDCs go into 1.0 in the last round. What I
suggested was that the following be verified:
that when processing a message containing signatures a 1.0
implementation MUST continue to emit plaintext (ie fail
gracefully) in the presence of signature algorithms it does
not recognise.
this readily allows adding MDCs or other signature algorithms in
version 1.1, and ensures backwards compatibility is possible.
If you can design something that is wholly backwards-compatible, it'll be
trivial to put it in 1.1 or simple document it as an extension. Not being
in 1.0 won't be an issue
If you can't design something backward compatible, then it's too late to go
in 1.0. Either way, it doesn't make it.
The question of signature handling of unknown signature types is
useful in general to clarify -- it is required for backwards
compatibility if for example a wide hash based variant of DSA is
added, or whatever.
I would presume the above to be a sensible interpretation of the
current spec. in any case, but worth expressing specifically if it is
not already in the current spec, and if there is still time.
If not, well then not.
Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U(_at_){$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`