On 06/15/2011 03:10 PM, David Shaw wrote: > That said I'd probably suggest notations for this, even though 0x40 exists in > the standard. 0x40 signatures are a bit of a leftover tail in the standard, > and are not well specified (0x40 sigclass - is it a binary signature? a text > signature?). Using notations also gives you more flexibility since you can > do key=value stuff and specify different variations on timestamp signatures.
Note that if you do decide to use a notation for this, you should mark the relevant notation subpacket as "critical", so that the signature is not interpreted by an unwitting implementation as meaning something other than the specific declaration: https://tools.ietf.org/html/rfc4880#page-26 Currently, the proposal as it stands is to use a notation within the @gnupg.org domain. It would be good to get verification from the maintainers/owners of that domain to know if they're OK with the specific proposal. According to whois, that's Werner and g10 code GmbH. Werner, can you comment on any policy for use of @gnupg.org notations? Would it help if someone set up a registry someplace documenting the specific notations? I'm willing to set up such a registry on a domain i control, but i'm not sure people would want to use it because my domains aren't as strongly associated with OpenPGP as gnupg.org. --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
