[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: What's the consensus?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Jon Callas" <jon@xxxxxxxxxx> writes:
> Here are some proposals for changes that I think are reasonable
I generally agree.
> * IDEA gets marked as a MAY from a SHOULD. An implementation note gets put
> in noting that it's patented, but used in PGP 2.
I'd still say that it's the default "preferred" algorithm for v3 keys
(that vast majority that don't have a v4 self-signature :-).
> * We deprecate V3 keys. Specifically, we say {MUST|SHOULD} NOT be generated,
> and {SHOULD|MAY} use. V3 signatures {MUST|SHOULD} not be generated. I lean
> toward SHOULD rather than MUST, but that's only because I'm a gradualist.
I also favor SHOULD. (I wouldn't want to call an implementation non-compliant
for providing PGP2 interoperability, even as a default.)
> * It sounds like the consensus on hard key expiration is that it needs to go
> into a V5 format.
It is certainly stronger there. (I don't feel a need for the weaker form.)
> * There are a number of implementation notes that I believe are old enough
> to go away. Given that RFCs, even if obsoleted, do not disappear, deleting
Curiously, I feel much more comfortable dropping PGP5 notes than PGP2.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQA/AwUBPn+WLOc3iHYL8FknEQI5+gCg7GVg6mWy383lsMnyNIoKNl8ZFo0AnR7L
0cvmn+rCdIH7D398ekt2iNh/
=OWkU
-----END PGP SIGNATURE-----