Here are some proposals for changes that I think are reasonable, based on
what I'm hearing here:
* IDEA gets marked as a MAY from a SHOULD. An implementation note gets put
in noting that it's patented, but used in PGP 2.
* We deprecate V3 keys. Specifically, we say {MUST|SHOULD} NOT be generated,
and {SHOULD|MAY} use. V3 signatures {MUST|SHOULD} not be generated. I lean
toward SHOULD rather than MUST, but that's only because I'm a gradualist. If
someone feels strongly that we should say MUST, just say so. Also, provide
comments on this.
* It sounds like the consensus on hard key expiration is that it needs to go
into a V5 format.
Other issues:
* There are a number of implementation notes that I believe are old enough
to go away. Given that RFCs, even if obsoleted, do not disappear, deleting
one is not a tragedy. I believe, for example, that anyone still using PGP
5.X really shouldn't. These predate OpenPGP, and we just shouldn't worry
about them at all. I want to remove all of those notes to start with.
* There may be similar text that can go away from the draft, as well.
Suggestions are welcome.
Jon