On Mon, Oct 31, 2005 at 11:11:56AM +0100, Simon Josefsson wrote:
> Hi everyone! FYI:
> I submitted an updated version of this document a few weeks ago. The
> changes since -01 are small: A new "preference" field has been added,
> to signal whether the sender wishes that e-mail should be signed,
> encrypted or both.

I have some concerns with this preference field. There is already a
way to specify this preference on the key itself
("preferred-email-encoding@pgp.com"). Once a user finds the key, they
have an authoritative and tamperproof statement about email
preference. The OpenPGP header is not tamperproof, and having the
preference in there raises the question of what to do if the header
preference doesn't match the preference on the key.

I see the OpenPGP header as a useful key finding aid. Once the key is
found, though, the header has served its purpose.