ietf-openpgp

Re: critical notation data sub-packets

1999-05-27 17:03:34
The purpose of the notation subpackets is to have a general-purpose
mechanism for implementors to put in their own extensions, so yes, people
should (in general) use those for any private or controversial additions to
signatures.

Sooner or later, we probably will need a registration system for them, or
some naming convention. Right now, there are a number of obvious things you
can do to restrict conflicts, like prefixing your notation name with a
domain name (like foobar.com-private-value) and that will work.

This saves the subpacket versions for something we know we need -- for
example a subpacket that has an implemented features list (like MDC data
packets).

As for the critical bit, in my opinion, it is a way for the writer of a
signature to tell something to the reader. The reader, though, always has
the final say. A few examples:

A human-readable subpacket that's marked critical seems to be something
that the writer really wanted the reader to see. But the reader's software
may have an option to turn it off. I can see where someone might put
human-readable limits of liability or other such crud in there, and I don't
want to have legalese pop up in a window every time I use someone's key.
(But in such a case, I might solve it by deleting that signature,
personally.) So it's perfectly reasonable for an implementation to ignore a
critical human-readable notation. Similarly, a system that's running as a
robot is correct to ignore a critical human-readable subpacket.

I think that it's merely impolite (as opposed to non-compliant) for an
implementation to ignore a critical bit. I'll spin another scenario.
Suppose XYZcorp makes an OpenPGP implementation, and they create some
feature that they want everyone else to support, so they mark it as
"critical" in all signatures they create. It's obnoxious, but it wouldn't
be the first time a vendor tried to bully features into a standard. If
another vendor ignored all critical bits on notations that started with
"xyzcorp.com" because of abuse of criticality, I wouldn't call them
non-compliant. If a different vendor was even more gonzo, again, it's up to
users to appeal to them to do the right thing (whatever that means). I
don't want to see it be a standards issue.

This is also the reason why we have a "receiver wins" policy in algorithms.
It is to forestall the case where someone tries to force their feature on
the world.

        Jon
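
Added example, not part of Jon's message and not code from any OpenPGP implementation: a small Python parser for the signature subpacket format in RFC 2440 (length octets, a type octet whose bit 7 is the critical bit, and the notation data layout of type 20), together with a reader-side policy that follows the points made in the message: a critical human-readable notation is parsed but not displayed, and notations from a vendor that abuses criticality (the xyzcorp.com scenario) can have their critical bit ignored by local choice. The notation names, the set of notations the reader is assumed to implement, the creation time and the sample subpacket bytes are all constructed for illustration. The one behaviour not taken from the message is the default of treating an unknown critical subpacket type as a signature error, which is the SHOULD in RFC 2440 section 5.2.3.1.

```python
"""Reader-side handling of OpenPGP signature subpackets: the critical bit
(RFC 2440 section 5.2.3.1) and notation data, type 20 (section 5.2.3.15).
Added example for this thread, not code from the original message.  Wire format
per RFC 2440; UNDERSTOOD_NOTATIONS, evaluate()'s policy and the sample data
are constructed for illustration."""
import struct
from collections import namedtuple

SIG_CREATION_TIME = 2        # type 2: 4-octet creation time
NOTATION_DATA = 20           # type 20: flags, name len, value len, name, value
CRITICAL_BIT = 0x80          # bit 7 of the subpacket type octet
HUMAN_READABLE = 0x80000000  # 0x80 in the first of the four notation flag octets
KNOWN_TYPES = {SIG_CREATION_TIME, NOTATION_DATA}
UNDERSTOOD_NOTATIONS = {"foobar.com-private-value"}  # constructed for the example
Subpacket = namedtuple("Subpacket", "type critical body")
Notation = namedtuple("Notation", "name value human_readable critical")

def encode_length(n):
    # 1-, 2- or 5-octet subpacket length, same scheme as new-format packet lengths
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def decode_length(data, pos):
    first = data[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
    return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5

def build_subpacket(sp_type, body, critical=False):
    """Length (type octet + body), type octet carrying the critical bit, body."""
    type_octet = sp_type | (CRITICAL_BIT if critical else 0)
    return encode_length(len(body) + 1) + bytes([type_octet]) + body

def build_notation(name, value, human_readable=True, critical=False):
    flags = HUMAN_READABLE if human_readable else 0
    name_b = name.encode("utf-8")
    body = struct.pack(">IHH", flags, len(name_b), len(value)) + name_b + value
    return build_subpacket(NOTATION_DATA, body, critical)

def parse_subpackets(data):
    out, pos = [], 0
    while pos < len(data):
        length, pos = decode_length(data, pos)
        if length < 1 or pos + length > len(data):
            raise ValueError("truncated subpacket")
        type_octet = data[pos]
        out.append(Subpacket(type_octet & 0x7F, bool(type_octet & CRITICAL_BIT),
                             data[pos + 1:pos + length]))
        pos += length
    return out

def parse_notation(sp):
    if len(sp.body) < 8:
        raise ValueError("notation header too short")
    flags, nlen, vlen = struct.unpack(">IHH", sp.body[:8])
    if 8 + nlen + vlen != len(sp.body):
        raise ValueError("notation lengths do not match body")
    name = sp.body[8:8 + nlen].decode("utf-8")
    return Notation(name, sp.body[8 + nlen:], bool(flags & HUMAN_READABLE), sp.critical)

def evaluate(data, relaxed_prefixes=()):
    """Reader policy; returns (verdict, honoured notation names, log).  Unknown
    critical type -> "error" (the RFC 2440 SHOULD).  Unimplemented critical
    notation -> not shown if human-readable, skipped if its name is under a
    relaxed prefix (the thread's xyzcorp.com scenario), otherwise "error"."""
    honoured, log = [], []
    for sp in parse_subpackets(data):
        if sp.type not in KNOWN_TYPES:
            if sp.critical:
                return "error", honoured, log + [f"unknown critical type {sp.type}"]
            log.append(f"skipped unknown non-critical type {sp.type}")
        elif sp.type == NOTATION_DATA:
            n = parse_notation(sp)
            if n.name in UNDERSTOOD_NOTATIONS:
                honoured.append(n.name)
            elif not n.critical:
                log.append(f"skipped non-critical notation {n.name!r}")
            elif n.human_readable:
                log.append(f"not displaying critical human-readable notation {n.name!r}")
            elif n.name.startswith(relaxed_prefixes):
                log.append(f"ignoring critical bit on {n.name!r}")
            else:
                return "error", honoured, log + [f"unimplemented critical notation {n.name!r}"]
    return "ok", honoured, log

def sample_subpackets():
    # Constructed hashed-subpacket area: one understood notation, two from a pushy vendor
    return (build_subpacket(SIG_CREATION_TIME, struct.pack(">I", 0x374DC2A6))
            + build_notation("foobar.com-private-value", b"42", human_readable=False)
            + build_notation("xyzcorp.com-liability", b"No warranty.", critical=True)
            + build_notation("xyzcorp.com-feature", b"\x01", human_readable=False, critical=True))

if __name__ == "__main__":
    print(evaluate(sample_subpackets()))
    print(evaluate(sample_subpackets(), relaxed_prefixes=("xyzcorp.com",)))
```

Run as a script it evaluates the same constructed bytes twice, once with the default policy (the unimplemented critical xyzcorp.com-feature notation makes the signature an error) and once with the xyzcorp.com prefix relaxed (the critical bit is ignored and the signature is accepted); the difference between the two runs is the reader exercising the final say that the message describes, with the writer's critical bit carried faithfully on the wire either way.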
