I wrote up the discussion we had on the list as a draft to capture the
convo.
Have not done acknowledgements yet as some folk like to be asked first.
https://tools.ietf.org/html/draft-hallambaker-udf-00
Comments welcome.
While this might seem like more than is needed for the OpenPGP protocol, I
think the OpenPGP infrastructure needs fingerprints for both OpenPGP key
packages and for software distributions. Otherwise you need an OpenPGP
disto to verify your OpenPGP disto.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp