-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[text reordered to take the interesting bits to the top]
On Thursday 22 April 2004 21.12, Jon wrote:
I don't hear a consensus for putting this in. If other people want to
use notations for an ad-hoc implementation, great.
Reviewing the thread, I see
- Ian proposing not to add this issue to OpenPGP
- David originally bringing up the matter and later:
| I think there is consensus that such a flag should not be set in
| the "features" subpacket. There seemed to be at least some
| consensus that such a flag would be better placed in a "notation"
| subpacket.
- Will describing a hack used by the PGP, Inc. folks.
- Holger speaking out against a flag, in favour of the notation.
Thus I think consesus is more or less not to include this topic in
OpenPGP. The open questions would be
- if this topic should be put into an RFC as a notation in IETF name
space, is this WG on-topic for this? (I think probably yes.)
- who does the work? (I might be persuaded to write the RFC, if
somebody with IETF experience helps.)
- is it worth it? (I still believe that the chances for MUAs to
actually implement this are slim. Any MUA developers here?)
(Obviously, I won't be offering my time to write the RFC if no MUA will
ever implement it. I don't have the time to dig into MUA developing
anytime soon, though.)
===========
I disagree with where this is going.
The point of having notations is so that someone can put data into a
signature without having to have it be part of the standard --
without having to get a consensus on it.
Right, insofar as it concerns the OpenPGP standard.
I think you misunderstand me. The main objection I see is that starting
such application specific flags into the standard will bloat it - can
we have bits for OpenPGP applications in IRC or instant messaging
systems, too, please?
By using a notation without '@' in the name (IETF reserved namespace) we
get a way to leave this out of the OpenPGP standard, and have the
possibility to standardize this in another RFC.
[...]
If the answer to the proposal is "put it in a notation" then to me
that is implicitly saying it should not be part of the standard;
I believe I was saying this explicitly, not just implicitly.
it
should be handled in an ad-hoc manner.
No, it should be standardized (as, presumably, all notations using the
IETF reserved namespace should be), but the standard should not be part
of OpenPGP.
[...]
Greetings
- -- vbi
- --
Available for key signing in Zürich and Basel, Switzerland
(what's this? Look at http://fortytwo.ch/gpg/intro)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481
iKcEARECAGcFAkCIvhZgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6NLAAn0pkMSWFWj75uTSrKEKrWdXn
3FuPAJ4tQO2RMVagYFVPP9pr9IWUyhqgrw==
=4zz8
-----END PGP SIGNATURE-----