ietf-openpgp

Re: [openpgp] 1PA3PC: first-party attested third-party certifications (making Key Server Prefs no-

2019-08-28 11:28:59

> Putting this into a standard self-signature is troublesome because this
> requires updating and distributing the self-signature as soon as one
> uploads to a keyserver.

I also have reservations about how this interacts with certification self-sigs,
simply because there are already a lot of implicit expectations and behaviors
around these.

> We need to have a way to include more key signatures.  This can easily be done
> with several of such self-signatures using the same creation date or another
> mechanism to connect them.

Sounds good.

> The requirement to sort the hashes is not really helpful because that
> requires that the implementation must check the order and decide what to
> do if they are not sorted. In practice the implementation will sort them
> anyway (in particular if several self-signatures are required).

Agreed.

> To accomplish this a new signature-class can be used just for this
> purpose.  The subpacket definition should include a version number or
> digest algorithm to be future-proof.

Sounds good.

> We should of course use SHA-256 and not SHA-512.

Yup.

 - V

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
