On Thu, Jul 17, 2003 at 05:50:49PM -0400, Michael Young wrote:
> "David Shaw" <dshaw(_at_)jabberwocky(_dot_)com> writes:
> > So, as a solution, rather than ripping into the key construction
> > rules, why not just put in a line saying "user IDs and user attributes
> > SHOULD have a self-signature", and call it a day?
>
> I think it's suitably "nice" to merit "ripping into" a key construction
> rule that I have always thought was wrong. Despite your attempts to
> paint the current rule as cleaner, simpler, or more natural, I still
> disagree

"Despite your attempts to paint the current rule"? Yikes. We're all
working towards the same goal here. Remember who suggested dealing
with this in 2440bis. If I liked the no-required-self-sigs status
quo, I wouldn't have brought it up.

Although it might seem I'm arguing against required self-sigs, I'm
actually fairly torn. One problem is that combining this change with
the encrypt-only key change implies a number of subtle and not so
subtle changes, and I'm not (yet) convinced that this is the right
thing to do.

I understand that you see the removal of encrypt-only keys as an
advantage (as you seem to be arguing against encrypt-only keys almost
more than you are arguing for a required self-signature), but I don't
see things that way.

Despite what I said earlier in this thread, requiring self-sigs does
not depend on removing encrypt-only keys. Since there seems to be
widespread agreement for the former, and not for the latter, perhaps
it would be better to resolve the self-sigs question and then discuss
encrypt-only keys as a separate issue. Discussing the two issues tied
together seems to be leading nowhere.

I propose "Self-signatures are REQUIRED for all user IDs and user
attribute IDs on any key that has a primary capable of certification".
This handles the self-sig issue without changing the key construction
rules at all.

If there is consensus on this, then a different discussion can be
opened on the matter of encrypt-only keys.

David
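
An added illustration of the rule proposed in the message above; it is not code from the original message or from any OpenPGP implementation. It assumes a simplified model in which packets are already parsed into dicts (the field names are hypothetical), signatures have been verified elsewhere, and "capable of certification" means the primary key's algorithm ID can sign.

```python
# Simplified model (assumption): packets are pre-parsed dicts and every
# signature listed has already been verified cryptographically elsewhere.
PUBKEY, SIG, USER_ID, SUBKEY, USER_ATTR = 6, 2, 13, 14, 17  # packet tags
CERT_SIG_TYPES = {0x10, 0x11, 0x12, 0x13}  # certification signature types
# Algorithm IDs able to sign (RFC 2440): RSA, RSA sign-only, DSA, Elgamal E+S
SIGN_CAPABLE_ALGOS = {1, 3, 17, 20}


def missing_self_sigs(packets):
    """Return names of user IDs / attributes that lack a self-signature."""
    primary = packets[0]
    if primary["tag"] != PUBKEY:
        raise ValueError("key must start with a public-key packet")
    if primary["algo"] not in SIGN_CAPABLE_ALGOS:
        return []  # encrypt-only primary: the proposed rule does not apply
    missing, current, signed = [], None, False
    for pkt in packets[1:]:
        tag = pkt["tag"]
        if tag in (USER_ID, USER_ATTR, SUBKEY):
            if current is not None and not signed:
                missing.append(current["name"])
            current = pkt if tag != SUBKEY else None
            signed = False
        elif tag == SIG and current is not None:
            if pkt["type"] in CERT_SIG_TYPES and pkt["issuer"] == primary["keyid"]:
                signed = True  # certification issued by the primary itself
    if current is not None and not signed:
        missing.append(current["name"])
    return missing


# Constructed sample keys (key IDs and names are made up for this example).
KEY_OK = [
    {"tag": PUBKEY, "algo": 17, "keyid": "AAAA0001"},
    {"tag": USER_ID, "name": "alice@example.org"},
    {"tag": SIG, "type": 0x13, "issuer": "AAAA0001"},
    {"tag": SUBKEY, "algo": 16, "keyid": "AAAA0002"},
    {"tag": SIG, "type": 0x18, "issuer": "AAAA0001"},
]
KEY_BAD = [
    {"tag": PUBKEY, "algo": 1, "keyid": "BBBB0001"},
    {"tag": USER_ID, "name": "bob@example.org"},
    {"tag": SIG, "type": 0x10, "issuer": "CCCC0009"},  # third-party cert only
    {"tag": USER_ATTR, "name": "photo"},
]
KEY_ENCRYPT_ONLY = [
    {"tag": PUBKEY, "algo": 16, "keyid": "DDDD0001"},
    {"tag": USER_ID, "name": "carol@example.org"},
]
```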