On Sat, May 03, 2008 at 02:11:07PM -0700, Andrey Jivsov wrote:
===================================================================
C. Higher layers of application will govern compliance
with Suite B. "ECC in OpenPGP" document will define
reasonable superset of features required for Suite-B
or similar government documents, but exact
specification of the policies to use ECC in OpenPGP
is out of scope.
===================================================================
I vote for C. Keep the policies out of the standard and leave it up
to the implementers. I'm not against having policies specified, but
I'd rather see them in a different document for use by those people
who need them. There is precedence here: OpenPGP specifies DSA and
not DSS.
David