[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Some -15 comments
On Tue, Nov 15, 2005 at 01:13:43AM +0100, Daniel A. Nagy wrote:
> On Mon, Nov 14, 2005 at 03:37:44PM -0800, "Hal Finney" wrote:
> > I'd like to use the flag as a hint to packet-dumping software: if the
> > human-readable flag is set, it is reasonable to dump the notation body
> > as text. If it is not set, it should be dumped in hex.
> Currently, the way I treat this flag is that I display the notation to the
> user whenever the signature is verified. If that's not the purpuse of this
> flag, then I would really like another flag with that purpose. See below
> what I would like to use it for.
I think what you are saying and what Hal and I are saying are
basically compatible: interpret the human-readable flag as "I can
> > Another difference arises if the subpacket critical bit is set along with
> > the human-readable flag. With the current wording it might appear that an
> > implementation's responsibilities are met if it somehow causes the text
> > of the notation packet to be displayed to the user, even if it does not
> > recognize the notation type. I think that would be a serious mistake.
> > The critical bit should require that the notation type be recognized
> > and handled, in order for the signature to be considered valid.
> Are you sure? I actually think that displaying some notation whenever the
> signature is verified (correctly) makes a lot of sense and it may be part of
> signature verification. After all, it is ultimately the user who decides
> wheter he accepts a signature or not.
There is no conflict here either. It is perfectly fine to print
notations on signature verification if you choose to do so. The
problem is if you have a critical notation that your implementation
does not handle. You can print this notation or not (it's up to you)
but the important thing is that the unhandled critical notation isn't
treated as handled just because you print it.
> Here is how I am planning to use human-readable notation: in an on-line
> trading or auction application, where reputation tracking is important, one
> can implement user comments about other users' behavior in the form of
> signatures directly on their public keys with appropriate notation (think of
> eBay comments). The comment text is, in my opinion, critical in the sense
> that without it the signature does not make sense, but the implementation's
> responsibilities are indeed met by just displaying it upon verification.
That's fine. You can define a notation type any way you like. It's
perfectly reasonable to define your notation to meet its critical
"contract" by being shown to a user.