-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, Jul 20, 2003 at 02:35:14PM -0700, Jon Callas wrote:
How about adding:
Note that without the ability to rewrite a self-signature,
interoperability issues may occur when the same key is used in more
than one implementation. Implementations may wish to check keys
upon import to ensure that the preferences on the key match the
reality of the implementation.
That doesn't mandate anything, but does call attention to the problem.
I guess the last line could be a SHOULD if there was a desire to make
it stronger.
I put in:
It is good practice to verify that a self-signature imported into an
implementation doesn't advertise features that the implementation doesn't
support, rewriting the signature as appropriate.
Excellent. That works for me.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE/HBbu4mZch0nhy8kRAoIUAKCkx6H6DqxCw3OoWRWAUqjGOfe+owCgowJW
5E9hwKXFBzbRf4M1hP95T/o=
=udOS
-----END PGP SIGNATURE-----