Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)

[David Shaw <dshaw@xxxxxxxxxxxxxxx>]

On Wed, Oct 12, 2005 at 09:50:32AM -0500, Brian G. Peterson wrote:
> 
> On Wed, Oct 12, 2005 at 12:07:13AM -0700, "Hal Finney" wrote:
> > > The fact that we may have to add further rules clarifying how to use it
> > > just emphasizes our lack of experience with the construct.  Often with
> > > these things you don't find the problems until you actually try to use it
> > > for something and interoperate with others.  Given that notary signatures
> > > have been in the draft in some form or other for years without seeing
> > > any use that I know of, should we consider taking them out?
> 
> On Wednesday 12 October 2005 08:06 am, Daniel A. Nagy wrote:
> > Please don't. I do have a very good use for them and I'm going to go ahead
> > with an implementation. As soon as it's working reliably and securely, I
> > will write up the specifications for inclusion in the standard.
> 
> I second this.  A workable notary signature method for both clear-signed and 
> pgp/mime is badly needed for evidentiary reasons.  

I definitely agree they are useful, but given that 2440bis last call
ends in 16 days and we have no implementations (much less two
interoperable ones), let's move this to a new RFC.

David