On 1/28/2012 2:24 AM, John Clizbe wrote:
> I don't see a way that a rolling-upgrade to a no-modify supporting version
> could be accomplished without breaking things in the process. The only way
> I can envision doing this is to form a completely new network and let
> servers migrate into it as they upgrade to the no-modify supporting version.
> In a way, that's also undesirable as it divides the widely distributed
> network in two.

There's also a human factors element, which we're currently handwaving.

If I have a copy of 0xDECAFBAD's certificate that has five UIDs, all of which have trusted signatures on them, and a second copy that has seven UIDs, five of which I consider valid due to having trusted signatures on them, well -- which of the two is canonical? The OpenPGP answer is "neither: validity and trust are not the same as canonicity."

However, human beings tend to get rather obsessed with canonicity. Look at the kerfuffle over our President's birth certificate record. The original one is on file somewhere in a Hawai'i government office: a differently-formatted copy of the birth certificate was given to the press. Both documents are equally valid. Neither document is canonical. The U.S. public had a hard time wrestling with that: a whole lot of people sincerely believed the presence of two equally-valid but differently-formatted birth certificate records meant something was hinky.

Now imagine explaining to new OpenPGP users that "yes, sometimes you'll get a copy that has 5 UIDs and sometimes you'll get one that has 7, depending on which keyserver you query, but both of them are equally valid." Same thing.

And before anyone says, "well, yeah, but the huge deal about the President's birth certificate was the product of a whole lot of political paranoia by whackjobs," I will point out that one thing our community has *never* lacked for is paranoid whackjobs.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users