On Thu, 11 Feb 2016 22:43, derek(_at_)ihtfp(_dot_)com said:
+Implementations MUST accept encryption-only primary keys without a
+signature. It also MUST allow importing any key accompanied either by
+a certification signature or a signature on itself. It MAY accept
+signature-capable primary keys without an accompanying signature.
Why do you want a MUST accept/import here? I think it would be better
to relax it to SHOULD so that implementations which do not want to
support operations on device certifications can still claim to be
OpenPGP compliant. Having a need to support encryption only primary
keys does not make sense to all implementations.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp