[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: V5 signatures

Bill, the only difference between a V4 sig and a V5 sig is changing the
length field. The only place that really needs these is standalone
signatures, (and arguably not even them -- you are after all making that
very argument).

There are a class of applications that want to have a self-describing
structure, rather than have a chunk of data and sign it. Doing it this way
simplifies parsing, for example. You can quickly look at the object and
conclude its one of these critters rather having to grovel over the data
looking for a sig. Yup, you can do it the other way. For some people, this
is desirable. We have people who want to do this.

There's also another other way for these people get their desired behavior
-- use X.509. If I'm being testy, it's because I'm reading in your
objections a desire for these people to go away and use X.509, which I
don't think you intend. I don't want someone to make an architectural
decision not to use OpenPGP, because there's a stupid length limitation.