On 7/20/03 8:48 AM, "David Shaw" <dshaw(_at_)jabberwocky(_dot_)com> wrote:
I was basically against it until it was explained to me why people
wanted it, and I ended up thinking, "Hmmm, we don't have a
compression system in there that's newer than 1977, and customers
are often right."
I rather like the idea of OpenPGP as an archival primitive.
That's what sold me, too.
How about adding:
Note that without the ability to rewrite a self-signature,
interoperability issues may occur when the same key is used in more
than one implementation. Implementations may wish to check keys
upon import to ensure that the preferences on the key match the
reality of the implementation.
That doesn't mandate anything, but does call attention to the problem.
I guess the last line could be a SHOULD if there was a desire to make
it stronger.
I put in:
It is good practice to verify that a self-signature imported into an
implementation doesn't advertise features that the implementation doesn't
support, rewriting the signature as appropriate.
Jon