-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Jon Callas" <jon(_at_)callas(_dot_)org> writes:
Here are some proposals for changes that I think are reasonable
I generally agree.
* IDEA gets marked as a MAY from a SHOULD. An implementation note gets put
in noting that it's patented, but used in PGP 2.
I'd still say that it's the default "preferred" algorithm for v3 keys
(that vast majority that don't have a v4 self-signature :-).
* We deprecate V3 keys. Specifically, we say {MUST|SHOULD} NOT be generated,
and {SHOULD|MAY} use. V3 signatures {MUST|SHOULD} not be generated. I lean
toward SHOULD rather than MUST, but that's only because I'm a gradualist.
I also favor SHOULD. (I wouldn't want to call an implementation non-compliant
for providing PGP2 interoperability, even as a default.)
* It sounds like the consensus on hard key expiration is that it needs to go
into a V5 format.
It is certainly stronger there. (I don't feel a need for the weaker form.)
* There are a number of implementation notes that I believe are old enough
to go away. Given that RFCs, even if obsoleted, do not disappear, deleting
Curiously, I feel much more comfortable dropping PGP5 notes than PGP2.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQA/AwUBPn+WLOc3iHYL8FknEQI5+gCg7GVg6mWy383lsMnyNIoKNl8ZFo0AnR7L
0cvmn+rCdIH7D398ekt2iNh/
=OWkU
-----END PGP SIGNATURE-----