ietf-openpgp

Re: [Sam Hartman] Openpgp comments

2006-09-19 15:16:55

I agree with Ian. Remember those t-shirts they used to sell with the nine-layer ISO model? Layer 8 is the Financial Layer and Layer 9 is the Political Layer. There's an arrow pointing to Layer 9 with the message, "You are here."

I think it's worthwhile to have a phone call or perhaps even better a Jabber meeting. I'm in other working groups that do semi-regular Jabber conferences. A major reason for a Jabber conference is that it is my perception that it is the consensus of this working group that we disagree with the ADs. I think they need to talk to the working group as a whole. Jabber would be great for that.

On the other hand, we're at the political layer, and I'm happy to put in a SHA-256 MDC, if that will get us done. Furthermore, it may turn out that in five years we'll be happy we did. Heck, it could always turn out that SHA-1 isn't one-way enough. OpenPGP has always been forward-thinking, and we are known for being more on top of these issues than anyone else. Consequently, if we put in a new MDC and say that you MAY do it, the implementers don't have to do it until they are in the mood. Even if we say SHOULD accept and MAY generate, it's a small burden.

I think that coming up with a true replacement for the MDC is work we ought to do. It's on my list of things to do post-2440bis. I think this gets in the way of that, but if that's what it takes us to finish, it's what it takes us to finish.

        Jon