ietf-openpgp

Re: Some -15 comments

2005-11-14 23:56:23

Daniel Nagy writes:
> I understand that and even agree with it in the light of the fact that
> there's already notation in wide use that is not intended for human
> interpretation. But I think that a flag indicating that some notation IS
> intended to be interpreted by humans is still warranted, using a wording
> similar to the original definition of the text flag, perhaps with some
> clarification added. Like this:
>
>         First octet: 0x80 = displayable. This note value is text.
>
>                      0x40 = human-readable. This note value is text, a
>                             note from one person to another, and need
>                             not have meaning to software. If critical,
>                             it MUST be displayed whenever the successful
>                             verification of the signature is reported to
>                             the user

Your 0x40 is more than "human-readable", it is "should be displayed".  I
don't like the idea of putting in a feature which burdens implementations
to do certain things in the UI, unless we have a very good reason.
Our PGP software might have to pop up dialog boxes to deliver these
notification messages, which I'm sure would bring objections from our
UI guys.

If and when we come up with a compelling reason to add such a UI mandate
in our data-format specification, then we could consider it.  We would
also need to clarify when it should be displayed for key signatures: if
a web of trust is used, should we display all notations for all keys in
the chain that were used to establish the trustworthiness of a target key?
Should this happen on both encryption and signature verification?  And is
it enough to do it once and consider the user "notified", or should it be
done every time?

The answers to questions like these are likely to be application specific.
That is, for some kinds of notations we would do it one way, and for other
types of notations we would do it another way.  Maybe some would only be
for data signatures and not key signatures, or vice versa.  Maybe some
would only be displayed for signatures on the key being used, while others
should be displayed for the whole trust chain.  It depends on the purpose.

Putting in this 0x40 flag now, or any mandate for notation packet display,
will require possibly substantial change to every OpenPGP implementation
in existence.  Sure, it potentially gives you a lot of leverage to
implement your desired new feature.  But it is at a great expense.
We can't go forward with something like this without an extensive
discussion involving many groups, including UI experts.

Hal Finney
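
Added example, not part of the original message or of any OpenPGP implementation: a sketch of what the display rule in the quoted proposal would ask of a verifier. The 0x80/0x40 meanings are those of the quoted proposal only; the subpacket layout (4 flag octets, two 2-octet lengths, name, value) is assumed from the OpenPGP specification, and the function names and sample notation are constructed.

```python
import struct

FLAG_DISPLAYABLE = 0x80  # "displayable" in the quoted proposal
FLAG_HUMAN_NOTE = 0x40   # proposed in this thread; not an adopted flag


def _printable(raw: bytes) -> str:
    """Decode for display, neutralising control characters (e.g. terminal escapes)."""
    text = raw.decode("utf-8", errors="replace")
    return "".join(c if c.isprintable() else "?" for c in text)


def parse_notation(body: bytes) -> dict:
    """Parse a notation data subpacket body (layout assumed from the spec)."""
    if len(body) < 8:
        raise ValueError("truncated notation header")
    flags = body[:4]
    name_len, value_len = struct.unpack(">HH", body[4:8])
    if len(body) != 8 + name_len + value_len:
        raise ValueError("length fields do not match body size")
    name = body[8:8 + name_len]
    value = body[8 + name_len:]
    first = flags[0]
    is_text = bool(first & (FLAG_DISPLAYABLE | FLAG_HUMAN_NOTE))
    return {
        "name": _printable(name),
        # Only text values are decoded; anything else stays opaque bytes.
        "value": _printable(value) if is_text else value,
        "displayable": bool(first & FLAG_DISPLAYABLE),
        "human_note": bool(first & FLAG_HUMAN_NOTE),
        # Bits that neither the proposal nor this sketch assigns a meaning to.
        "unknown_flags": bool(first & 0x3F) or any(flags[1:]),
    }


def must_display(notation: dict, critical: bool) -> bool:
    """The proposed rule: a critical 0x40 note is shown on successful verification.

    `critical` comes from the subpacket header, not from the notation body.
    """
    return critical and notation["human_note"]


def build_notation(first_flag: int, name: bytes, value: bytes) -> bytes:
    """Construct a sample body for testing (constructed data, not a real signature)."""
    header = bytes([first_flag, 0, 0, 0]) + struct.pack(">HH", len(name), len(value))
    return header + name + value
```

The rule itself fits in one line; when and where the note is shown (key signatures, trust chains, once or every time) is left entirely to the caller.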
