ietf-openpgp

Re: [openpgp] Device Certificates for RFC4880bis

2016-02-12 06:32:18

On Fri, February 12, 2016 3:11 am, Werner Koch wrote:
On Thu, 11 Feb 2016 22:43, derek(_at_)ihtfp(_dot_)com said:

+Implementations MUST accept encryption-only primary keys without a
+signature.  It also MUST allow importing any key accompanied either by
+a certification signature or a signature on itself.  It MAY accept
+signature-capable primary keys without an accompanying signature.
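
Review bot: the second sentence switches subject from "Implementations" to "It", and "a signature on itself" leaves open whether a self-signature made by the primary key is meant; suggest "Implementations also ... any key accompanied by either a certification signature or a self-signature". The first and third sentences also depend on telling an encryption-only primary key from a signature-capable one when no signature accompanies the key, and the hunk does not say how an implementation makes that distinction. Stating the criterion here would make the requirement levels testable.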

Why do you want a MUST accept/import here?  I think it would be better
to relax it to SHOULD so that implementations which do not want to
support operations on device certifications can still claim to be
OpenPGP compliant.  Having a need to support encryption only primary
keys does not make sense to all implementations.

OOPS.  You are absolutely correct.  This was an oversight when I did a
cut-and-paste from my previous document.  The MUST made sense when device
certificates were a standalone document, but you're right that this should
be a SHOULD now that it's integrated into 4880bis.

Would you like an updated patch?  Or just change it in your copy?

Thanks,


Shalom-Salam,

   Werner

-derek

--
Thoughts are free.  Exceptions are regulated by a federal law.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp



-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant
