-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jan 23, 2007, at 4:21 PM, Jim Fenton wrote:

> I generally agree with "RFC only", but haven't thought about all
> eight of the registries that -base asks to have created. It's not
> clear that we want to do this with all of them. For example, we
> might want to set a higher bar for the signature or hash algorithm
> than for creation of a new signature tag.

To be something of a devil's advocate on this, why?

A nice property of signatures is that there is pressure on the verifier
either to create them maximally interoperably, or accept that some
people won't be able to verify them.

As a verifier, if I start seeing signatures with a hash that I don't
speak (or think is not secure), I just consider the message to be
unsigned or bogusly signed. No problem.

Jon

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.5.2
Charset: US-ASCII

wj8DBQFFt9CXsTedWZOD3gYRAvrbAJ9ArQwGkCaQ82r1lF0cSek23ZlMwgCg4nV9
hAu3jpYEhVuCsk97udkOlj4=
=Syw/
-----END PGP SIGNATURE-----
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
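
The verifier-side behaviour described in the reply above (a signature whose algorithm the verifier does not speak or does not trust is simply not counted), as an added example that is not part of the original message or of any DKIM implementation. The policy sets, function names and sample header values are assumptions constructed for illustration.

```python
import re

# Assumed local policy of this verifier (not taken from the thread).
ACCEPTED = {"rsa-sha256"}     # algorithms this verifier will actually check
DISTRUSTED = {"rsa-sha1"}     # understood, but judged not secure by policy

# Constructed sample DKIM-Signature values; bh=/b= are placeholders.
SIG_SHA256 = "v=1; a=rsa-sha256; d=example.org; s=sel; h=from:to; bh=PLACEHOLDER; b=PLACEHOLDER;"
SIG_SHA1 = "v=1; a=rsa-sha1; d=example.org; s=sel; h=from:to; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_FUTURE = "v=1; a=rsa-sha999; d=example.org; s=sel; h=from:to; bh=PLACEHOLDER; b=PLACEHOLDER"

def parse_tag_list(value):
    """Parse a DKIM-Signature value ("v=1; a=...; ...") into a dict of tags."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue                                  # tolerate a trailing ';'
        name, sep, val = part.partition("=")          # split on the first '=' only
        name = name.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            raise ValueError(f"malformed tag: {part.strip()!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name!r}")
        tags[name] = val.strip()
    return tags

def classify(value):
    """Decide from the a= tag alone whether a signature is worth verifying."""
    try:
        alg = "".join(parse_tag_list(value).get("a", "").split())
    except ValueError:
        return "ignore: malformed"
    if alg in ACCEPTED:
        return "verify"
    if alg in DISTRUSTED:
        return "ignore: distrusted algorithm"
    return "ignore: unknown algorithm"

def message_status(signature_values):
    """Treat the message as unsigned when no signature survives the policy."""
    usable = [v for v in signature_values if classify(v) == "verify"]
    return ("signed-candidate", usable) if usable else ("unsigned", [])
```

A message carrying both an unfamiliar-algorithm signature and an accepted one is still a candidate for verification; only when every signature is ignored does it fall back to being handled as unsigned.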