-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Jul 07, 2003 at 11:58:57AM -0700, Bill Frantz wrote:
I don't advocate making any severe changes in the preference system,
but perhaps the language here could be made a bit stronger? Something
like "Note that without the ability to rewrite a self-signature,
interoperability issues may occur when the same key is used in more
than one implementation." would be great.
I realize this suggestion is getting into UI issues, but...
Perhaps implementations should also warn the user if the user's
public key includes features that are not supported by the
implementation, and offer to generate a new self-signature that does
not include those features.
It's a good idea, and in fact has been on my todo list for GnuPG for a
little while now. It's one of those things that sounds easy, but is
actually pretty fussy to do (What if there is more than one self-sig?
What if the user later removes a self-sig with safe permissions,
leaving a self-sig with unsafe permissions? Etc). Nothing
unsolvable, but there are a lot of corner cases.
That said, should such a thing be mentioned in 2440bis? I'm not sure.
I certainly wouldn't be against something like "Implementations MAY
wish to warn the user when importing a key that has preferences that
contradict the capabilities of the implementation".
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE/CkCL4mZch0nhy8kRAkFkAKCV4N6AsONC11H4MqExgNDkMwZ6oACgqk6T
de02ELd0rqdgD+myEBjV0Jg=
=SON4
-----END PGP SIGNATURE-----