-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Oct 29, 2003 at 03:52:38PM -0800, vedaal(_at_)hush(_dot_)com wrote:
On Wed, 29 Oct 2003 14:25:17 -0800 David Shaw
<dshaw(_at_)jabberwocky(_dot_)com>
wrote:
A notary can issue a notary signature on any signature, which includes
key certifications. Placing the notary signature in a
signature-in-a-subpacket on the unhashed area of the original
signature would be an effective way of transporting the notary sig
around with the key.
could this be done in a way that existing implementations can just
'ignore' (i.e., not 'choke' on) the notary signature if it can't
'recognize' what it is, when importing a key with a notary signature
on the self- signed sig of the key?
Yes, existing implementations should ignore and certainly not choke on
any unrecognized signature subpacket. If the signer chooses to, they
can set the "critical" flag, which requests that an implementation
fail the signature verification for unrecognized signature
subpackets, but at the same time, they don't have to. It's up to the
signer what they want to happen.
(It is a different issue altogether whether a critical bit on an
*unhashed* subpacket should cause this to happen, though!)
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.4-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iHEEARECADEFAj+gXUAqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJu2wAn1tgsAjREJuw9EMDe6mTGmwTmZb0AKCW
d0F3ekMqwCMjmsCe8vNfixM0bQ==
=01bo
-----END PGP SIGNATURE-----