ietf-openpgp

Re: Back-signatures proposal

2003-10-28 21:47:02

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Oct 28, 2003 at 10:47:55PM -0500, Michael Young wrote:

> > I think it really depends on what the signature-in-a-subpacket is
> > being used for.  For the back-signature, it probably doesn't need
> > any subpackets.  At the same time, it doesn't hurt to include them.
> > Does it matter very much?
>
> Yes, I was referring specifically to subkey cross-signatures.
> Including subpackets, particularly issuerId, is just wasteful
> in this situation.  (They're pretty wasteful on binding signatures,
> too; one might argue that they could help correct a shuffled
> packet sequence, but that's a stretch.)  I'd like to see
> recommendations for each flavor of signature that reflect
> real needs.

I think that is straying into overkill.  If there is no security or
protocol correctness issue at hand, just say nothing.

Let's credit implementors with some ability to know which subpackets
are useful for a given purpose.  We don't need an RFC, written with no
knowledge of the internal code of a given implementation, to proclaim
that an issuer ID might not be necessary - especially since the
presence of that same issuer ID harms nobody.

Also, an issuer ID - at worst - is 14 bytes long.  If you really want
to save some space on keys, we should issue guidelines on how large a
photo ID should be ;)

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.4-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iHEEARECADEFAj+fRkgqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJiGYAoIncvQEOycutdXfAJh1jzbN4BxnFAKDR
BFyge/Ra52CP7BKdFY4M5+pQPQ==
=zuFN
-----END PGP SIGNATURE-----