ietf-openpgp

Re: rfc2440bis-02 comments

2000-12-28 19:29:24
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sen_ml(_at_)eccosys(_dot_)com, at 10:34 +0900 on Fri, 29 Dec 2000, wrote:

    perhaps a survey announced on the various user-oriented pgp lists
    would be useful for collecting feedback on the issue of deleting keys
    from keyservers?

Of course, in the future, people's needs are going to change.  They're
going to want new policies about how keyservers (and other entities)
handle their keys, and have other metadata associated with them.  To try
to "guess" what people are going to really need or want two years from now
is a reach at best.  If there is no attempt to use an extensible format
that accounts for the many different key-handling policies and metadata
that different people/entities are going to want to use, evil, bad hacks
are going to start occurring eventually.

One of the problems, I feel, is that we're trying to jam too much into the
few bits available in the OpenPGP spec.  Simple booleans just don't cut
it.

This is me dreaming here, but what'd really be good is to have the
metadata for keys separated out from the OpenPGP spec, and handled by
another, extensible mechanism, quite possibly/preferably XML.  This could
allow the metadata to be extended via namespaces by however one wishes.
There is no tie-down by specification mandating what policies can be
accommodated.  OpenPGP need not know about this extensible spec, since it's
pretty much finalized, but clients could adapt, and handle the specs in
pair.

In the end, I foresee troubles for OpenPGP if we try to quantify what
policies OpenPGP keys should be capable of holding metadata about.

- -- 
Frank Tobin             http://www.uiuc.edu/~ftobin/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/

iEYEARECAAYFAjpL9/EACgkQVv/RCiYMT6OxqwCeOR74gDWVe8f3o1F5+2yAw6C4
u7MAn2yQkgOB/ILH5flzoJzAPWLeWJIG
=IwEa
-----END PGP SIGNATURE-----

