Problem with faked-system-time option

[David Shaw]

On Jun 14, 2011, at 9:16 PM, Jerome Baum wrote:

>>> Why modify the standard?
>> 
>> Because signature notations are supposed to be standardized. There aren't any
>> yet though. Nobody suffers from defining a string to mark timestamp-only
>> signatures. That is easily parsable both for software and for humans.
>> Timestamps are an important application. I don't think that there is any equal
>> solution.
>> 
>> Furthermore this might make signature notations more popular. IMHO they are a
>> very useful nonetheless nearly unused feature.
> 
> Good points (I think "notations are supposed to be standardized" is a
> bit strong, but there is use in certain standardized notations so I
> agree with your point overall).
> 
> So, um, let's just start using a non-standardized notation in the "@"
> namespace and then wait for standardization?

A minor point about notations.  The "@" notations are not non-standardized.  They are just not standardized by the IETF via the RFC process.  The "@" notations are owned by whatever domain appears on the right hand size of the string.  So mynotation at example.com is defined and controlled by whoever runs example.com.  It is completely appropriate for you to define a notation under any domain (including your own) that gives you permission to do so.  These notations are not in any way less good than an IETF notation.

For example, the PGP people saw the need for a notation to hint whether a person can understand PGP/MIME or only inline.  They drew up a spec for the preferred-email-encoding at pgp.com notation, and published it.  It's their standard.

David