Since sending in -10, I have removed Elgamal signatures (it was the
next thing on my list to do).
Section 9.1 now says:
20 - Reserved (formerly Elgamal Encrypt or Sign)
I put this in 12.6, on reserved identifiers:
Previous versions of OpenPGP permitted Elgamal [ELGAMAL] signatures
with a public key identifier of 20. These are no longer permitted.
An implementation MUST NOT generate such keys. An implementation
MUST NOT generate Elgamal signatures.
(I also removed the reference to DES/SK in 12.6, this should have been
done long ago.)
I thought about adding more text into 12.6 about what to do with an
existing key or signature, but didn't add anything. The reason is that
I think it should be just fine for an implementation to treat 20 the
same way as any other illegal or reserved identifier, and also just
fine for an implementation to migrate keys, verify signatures but alert
that they're possibly forged, or any other reasonable thing.
Consequently, the less said the better. Simplify, simplify.
Jon