Re: Please review OpenPGP part of RFC 2538bis
Florian Weimer <fw@xxxxxxxxxxxxx> writes:
> * Simon Josefsson:
>
>> Florian Weimer <fw@xxxxxxxxxxxxx> writes:
>>
>>> * Simon Josefsson:
>>>
>>>> Is this correct? Would it be useful to mention other kinds of OpenPGP
>>>> data packets directly, as well?
>>>
>>> Why do you want to duplicate this information?
>>
>> Are you saying any OpenPGP data in the CERT RR should be permitted?
>
> Yes, it would reduce the complexity of the specification. Otherwise,
> this RFC has to be updated each time the corresponding area in OpenPGP
> is touched. This isn't desirable, I think.

Agreed.

>> Public keys can use the OpenPGP public key packet (tag 6) or public
>> subkey packet (tag 14), as described in section 5.5 of [5].
>> Revocation signatures can use an OpenPGP signature packet with a
>> revocation signature type, i.e., signature type 0x20, 0x28 or 0x30,
>> as described in section 5.2 of [5].
>
> I'd prefer language similar to "an implementation SHOULD process
> transferable public keys as described in section 10.1 of [5], but it
> MAY handle additional OpenPGP packets".

Good reference. The section now reads as below.

http://josefsson.org/rfc2538bis/
http://josefsson.org/rfc2538bis/draft-josefsson-rfc2538bis.txt

The PGP type indicates a Pretty Good Privacy certificate as described
in [5] and its extensions and successors. Two uses are to transfer
public key material and revocation signatures. The data is binary,
and MUST NOT be encoded into an ASCII armor. An implementation
SHOULD process transferable public keys as described in section 10.1
of [5], but it MAY handle additional OpenPGP packets.

Thanks,
Simon
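
Added example, not part of the original message or the draft: a Python sketch of the check a receiver could apply to a CERT RR PGP payload under the revised text, rejecting ASCII armor, walking the OpenPGP packet headers, and reporting whether the data opens with a public key packet (tag 6) or a revocation signature (type 0x20, 0x28 or 0x30). The function names and sample bytes are constructed for illustration; partial and indeterminate body lengths are assumed out of scope and rejected.

```python
ARMOR_PREFIX = b"-----BEGIN PGP"
REVOCATION_SIG_TYPES = {0x20, 0x28, 0x30}  # signature types named in the thread

def parse_packets(data: bytes):
    """Return [(tag, body), ...]; raise ValueError on armor or malformed input."""
    if data.lstrip().startswith(ARMOR_PREFIX):
        raise ValueError("ASCII armor found; CERT RR PGP data must be binary")
    packets, pos = [], 0
    def take(n):  # bounds-checked read so truncated records fail cleanly
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated packet")
        pos += n
        return data[pos - n:pos]
    while pos < len(data):
        first = take(1)[0]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:  # new-format header: tag in the low 6 bits
            tag, o1 = first & 0x3F, take(1)[0]
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + take(1)[0] + 192
            elif o1 == 255:
                length = int.from_bytes(take(4), "big")
            else:
                raise ValueError("partial body lengths not handled here")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            length = int.from_bytes(take(1 << ltype), "big")
        packets.append((tag, take(length)))
    return packets

def classify(data: bytes) -> str:
    """Name which of the two uses in the draft text the payload matches."""
    packets = parse_packets(data)
    tag, body = packets[0] if packets else (None, b"")
    if tag == 6:  # a public key packet opens a transferable public key
        return "transferable public key"
    if tag == 2 and len(body) >= 3:  # v3 signatures carry the type one octet later
        sig_type = body[2] if body[0] == 3 else body[1]
        if sig_type in REVOCATION_SIG_TYPES:
            return "revocation signature"
    return "other OpenPGP data"

# Constructed samples: valid header framing, placeholder bodies (not usable keys).
SAMPLE_KEY = bytes([0x99, 0x00, 0x03, 0x04, 0x00, 0x00, 0xCD, 0x02]) + b"ab"
SAMPLE_REVOCATION = bytes([0xC2, 0x03, 0x04, 0x20, 0x01])
```

Anything that parses but is neither of the two named uses is reported as "other OpenPGP data", matching the MAY clause rather than rejecting it.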