Re: [openpgp] Device Certificates for RFC4880bis
Werner Koch <wk@gnupg.org> Fri, 12 February 2016 08:17 UTC
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4D741B419E for <openpgp@ietfa.amsl.com>; Fri, 12 Feb 2016 00:17:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_40=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f2PDxvdyEpKb for <openpgp@ietfa.amsl.com>; Fri, 12 Feb 2016 00:17:16 -0800 (PST)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11B0E1B419D for <openpgp@ietf.org>; Fri, 12 Feb 2016 00:17:15 -0800 (PST)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1aU8uf-0004jt-Ru for <openpgp@ietf.org>; Fri, 12 Feb 2016 09:17:13 +0100
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1aU8pS-00065x-FN; Fri, 12 Feb 2016 09:11:50 +0100
From: Werner Koch <wk@gnupg.org>
To: Derek Atkins <derek@ihtfp.com>
References: <sjmegci3oto.fsf@securerf.ihtfp.org>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Derek Atkins <derek@ihtfp.com>, openpgp@ietf.org
Date: Fri, 12 Feb 2016 09:11:50 +0100
In-Reply-To: <sjmegci3oto.fsf@securerf.ihtfp.org> (Derek Atkins's message of "Thu, 11 Feb 2016 16:43:47 -0500")
Message-ID: <8737sybb5l.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/MmMv-5Zf4L7AWZiJIy-3GtnOixI>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Device Certificates for RFC4880bis
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2016 08:17:18 -0000
On Thu, 11 Feb 2016 22:43, derek@ihtfp.com said: > +Implementations MUST accept encryption-only primary keys without a > +signature. It also MUST allow importing any key accompanied either by > +a certification signature or a signature on itself. It MAY accept > +signature-capable primary keys without an accompanying signature. Why do you want a MUST accept/import here? I think it would be better to relax it to SHOULD so that implementations which do not want to support operations on device certifications can still claim to be OpenPGP compliant. Having a need to support encryption only primary keys does not make sense to all implementations. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
- [openpgp] Device Certificates for RFC4880bis Derek Atkins
- Re: [openpgp] Device Certificates for RFC4880bis Werner Koch
- Re: [openpgp] Device Certificates for RFC4880bis Derek Atkins
- Re: [openpgp] Device Certificates for RFC4880bis Werner Koch
- Re: [openpgp] Device Certificates for RFC4880bis Werner Koch