ietf-openpgp

Re: Requiring self-signed uids? (was Re: PoP & Signer's User IDsubpacket?)

2003-07-25 14:06:47

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Jon Callas" <jon(_at_)callas(_dot_)org> writes:
> 2440 already says that a top-level key must be able to sign.

That was my interpretation, but David read it another way and his
reading was not unreasonable.  I'd ask that we clarify the language.
Someone suggested saying "V4" rather than "that has a main key
and subkeys"; that works for me.

> I would like to be able to add a user id to someone's key because I want to,
> and I sign it myself, and let it go at that.

Jon presents a very reasonable example.  If it's for his personal use,
then it can be encapsulated in user agents (not the protocol), much
the way trust is today.  (In fact, the value in signing such a local
alias is debatable.)  I sorely wish that user agents offered this
already.

If you feel that this is something that should be exportable, then
indeed, we need to allow non-self-signed identities.  I considered this
use, and had decided that I could live without it (in the protocol) in
order to impose a strict self-signature rule.  But I'm willing to
relent.  As Jon points out, keyservers and user agents can (and
probably should) impose their own restrictions at storage/import time.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPyGbAuc3iHYL8FknEQIN/gCcD7Wtg2CX0/Nm2zuN/HsgrNqe6BMAnjAb
miYM1gtkVTRqzxkbEel4qCRH
=/lRt
-----END PGP SIGNATURE-----
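The closing point of the message, that keyservers and user agents can enforce a self-signature rule at import time even if the protocol does not, is illustrated below with an added example that is not code from this thread or from any OpenPGP implementation. It walks the packet sequence of a transferable public key (RFC 2440 / RFC 4880 packet syntax, old- and new-format headers), computes the primary key's v4 key ID, and reports every User ID that carries no certification signature (types 0x10-0x13) whose issuer subpacket names the primary key. The sample key, its timestamps, key material and the third-party key ID are all constructed placeholders; the check is structural only (issuer matches primary key ID) and does not verify the signature cryptographically, which a real importer must still do with a full OpenPGP library.

```python
"""Structural self-certification check over an OpenPGP transferable public key.

Added example: flags User IDs that are not self-signed by the primary key,
the kind of import-time rule discussed on the list. No cryptographic
verification is performed here.
"""
import hashlib
import struct

TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID, TAG_PUBLIC_SUBKEY = 2, 6, 13, 14
CERT_SIG_TYPES = {0x10, 0x11, 0x12, 0x13}   # certification signature types
SUBPKT_CREATION_TIME, SUBPKT_ISSUER = 2, 16


def parse_packets(data):
    """Return [(tag, body)] for old- and new-format headers (no partial lengths)."""
    i, out = 0, []
    while i < len(data):
        ctb = data[i]; i += 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                              # new-format header
            tag, l0 = ctb & 0x3F, data[i]; i += 1
            if l0 < 192:
                length = l0
            elif l0 < 224:
                length = ((l0 - 192) << 8) + data[i] + 192; i += 1
            elif l0 == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]; i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                       # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 3
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype
            length = int.from_bytes(data[i:i + n], "big"); i += n
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        out.append((tag, body)); i += length
    return out


def v4_key_id(key_body):
    """Low 64 bits of the v4 fingerprint: SHA-1(0x99 || 2-octet length || body)."""
    if key_body[0] != 4:
        raise ValueError("only v4 keys are handled")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).digest()[-8:]


def parse_subpackets(data):
    """Return [(type, value)]; the critical bit on the type octet is masked off."""
    i, out = 0, []
    while i < len(data):
        l0 = data[i]; i += 1
        if l0 < 192:
            length = l0
        elif l0 < 255:
            length = ((l0 - 192) << 8) + data[i] + 192; i += 1
        else:
            length = struct.unpack(">I", data[i:i + 4])[0]; i += 4
        out.append((data[i] & 0x7F, data[i + 1:i + length])); i += length
    return out


def signature_info(sig_body):
    """Return (signature type, issuer key ID or None) of a v4 signature packet."""
    if sig_body[0] != 4:
        raise ValueError("only v4 signatures are handled")
    sig_type, i = sig_body[1], 4
    hlen = struct.unpack(">H", sig_body[i:i + 2])[0]; i += 2
    hashed = sig_body[i:i + hlen]; i += hlen
    ulen = struct.unpack(">H", sig_body[i:i + 2])[0]; i += 2
    unhashed = sig_body[i:i + ulen]
    issuer = None
    for stype, val in parse_subpackets(hashed) + parse_subpackets(unhashed):
        if stype == SUBPKT_ISSUER and len(val) == 8:
            issuer = bytes(val)
    return sig_type, issuer


def unselfsigned_user_ids(key_bytes):
    """User IDs (as str) with no certification issued by the primary key."""
    packets = parse_packets(key_bytes)
    if not packets or packets[0][0] != TAG_PUBLIC_KEY:
        raise ValueError("not a transferable public key")
    primary_id = v4_key_id(packets[0][1])
    uids, in_uid = [], False                        # uids: [user_id, self_certified]
    for tag, body in packets[1:]:
        if tag == TAG_USER_ID:
            uids.append([body.decode("utf-8", "replace"), False]); in_uid = True
        elif tag == TAG_PUBLIC_SUBKEY:
            in_uid = False                          # subkey binding sigs are not certifications
        elif tag == TAG_SIGNATURE and in_uid:
            sig_type, issuer = signature_info(body)
            if sig_type in CERT_SIG_TYPES and issuer == primary_id:
                uids[-1][1] = True
    return [uid for uid, ok in uids if not ok]


# ---- constructed sample key (toy values, not real key material) ----
def mpi(x):
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def packet(tag, body):
    """New-format header with a one- or two-octet body length."""
    if len(body) < 192:
        return bytes([0xC0 | tag, len(body)]) + body
    rest = len(body) - 192
    return bytes([0xC0 | tag, 192 + (rest >> 8), rest & 0xFF]) + body

def certification(sig_type, issuer_id):
    """v4 certification body; hash prefix and signature MPI are placeholders."""
    hashed = bytes([5, SUBPKT_CREATION_TIME]) + struct.pack(">I", 1059136007)
    unhashed = bytes([9, SUBPKT_ISSUER]) + issuer_id
    return (b"\x04" + bytes([sig_type, 1, 2]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00" + mpi(0x1234))

def build_sample_key():
    key_body = b"\x04" + struct.pack(">I", 1059136007) + b"\x01" + mpi(0xC0FFEE1234567890ABCDEF) + mpi(65537)
    primary_id = v4_key_id(key_body)
    stranger_id = bytes.fromhex("0123456789ABCDEF")   # constructed third-party key ID
    return (packet(TAG_PUBLIC_KEY, key_body)
            + packet(TAG_USER_ID, b"Alice <alice@example.org>")
            + packet(TAG_SIGNATURE, certification(0x13, primary_id))    # self-certified
            + packet(TAG_USER_ID, b"Alice (local alias)")
            + packet(TAG_SIGNATURE, certification(0x10, stranger_id)))  # only a third party signed it

SAMPLE_KEY = build_sample_key()

if __name__ == "__main__":
    print("User IDs lacking a self-signature:", unselfsigned_user_ids(SAMPLE_KEY))
```

An importer applying the rule from the message would drop or refuse the flagged User IDs at storage time rather than rejecting the whole key. User Attribute packets (tag 17) are not handled above and would need the same treatment.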