-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Jun 04, 2003 at 07:56:54AM -0400, Internet-Drafts(_at_)ietf(_dot_)org
wrote:
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-08.txt
I'm quite pleased with this draft. I'm going to give it a more
in-depth read, but I did notice a few very minor (mostly language)
nits:
***************
In section 5.2.1 ("Signature Types"): In the description of the 0x50
signature, there is a sentance that reads "such a a blind party that
only sees the signature, not the key nor source document". That first
"a" was probably intended as an "as".
In the same section, "It is a notary seal on the signed data", could
probably be better as "It is analogous to a notary seal on the signed
data". This should also help Ian Grigg's concerns about misuse of the
word "notary".
***************
In section 14 ("Implementation Nits") one of the items mentions:
* PGP 2.0 through 2.5 generated V2 Public Key Packets. These are
identical to the deprecated V3 keys except for the version
number. An implementation may accept or reject them as it sees
fit.
It might be good to change this a bit to:
* PGP 2.0 through 2.5 generated V2 Public Key Packets and V2
signatures. These are identical to the deprecated V3 keys and
signatures except for the version number. An implementation may
accept or reject them as it sees fit.
***************
I understood that the "keyserver preferences" and "features"
subpackets contain a collection of single-bit flags, but it isn't
completely clear from the text. Maybe a sprinkling of the word "bit"
would help here.
***************
In section 5.2.4 ("Computing Signatures"), a sentance reads "A V3
certification hashes the contents of the name packet, without any
header." Instead of "name packet", I suggest "user ID or attribute
packet".
***************
In section 10.1 ("Transferable Public Keys"), subkeys are followed by
"After each Subkey packet, one signature packet, optionally a
revocation." I think the word "plus", as in "... plus optionally a
revocation" would be helpful here. A revocation does not take the
place of the original binding signature.
***************
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE+3pyK4mZch0nhy8kRAnjWAKDAE/pOoO5ERuUoCD89yWF/dzfwogCfZTXt
FnFGatmn7C7QTqGpGtjXcYw=
=Ulf9
-----END PGP SIGNATURE-----