Re: How do I do this with OpenPGP?
> From: John Dlugosz
>
> Thanks, Hal.
>
> Is Trent's signature on the key itself or on a UserID?
>
> It seems that either has semantic implications, but what do existing
> general-purpose tools do? I like the latter for my application.
Normally it is on a userid. It is binding the given name to the key,
that is, the signature is asserting its belief that the name belongs
to the key and vice versa.
> What's the relationship between the "Trust signature" key subpacket, and
> using key types 0x11-0x13?
The trust signature subpacket is used for the signer to publicly declare
that he trusts the key being signed as a signing key. Normally a
signature just means that the signer is asserting that the name belongs
with the key, and that's what the signature types 0x11-0x13 are for.
Trust signatures are used to enable what we call "meta introducers"
which are signers who are empowered to declare that other keys have
key-signing authority. For example, in a corporate application the chief
security officer may be declared to be a meta-introducer by the employees,
and he can then delegate signing authority to departmental officers.
It's a somewhat complicated concept and not usually very useful outside
of relatively closed systems.
Hal
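As an added example (not part of Hal's reply, and not the code of any OpenPGP implementation), the following Python encodes and decodes the v4 signature-packet fields the thread is about: the signature type octet (0x10-0x13 are the User ID certifications) and the Trust Signature subpacket (subpacket type 5, one octet of level and one of amount) that turns a certification into an introducer or meta-introducer declaration, per RFC 4880 sections 5.2.1 and 5.2.3.13. The issuer key ID, timestamp and corporate scenario are constructed; the hash-left and MPI fields are zero placeholders, so the packet has the right structure but is not a real signature.

```python
"""Structure-only OpenPGP v4 signature packets: certification types and the
Trust Signature subpacket (RFC 4880 5.2.1, 5.2.3.1, 5.2.3.13). No crypto."""
import struct

# Certification signature types (RFC 4880 5.2.1): all bind a User ID to a key.
SIG_TYPES = {
    0x10: "generic certification",
    0x11: "persona certification",
    0x12: "casual certification",
    0x13: "positive certification",
}
SUBPKT_CREATION_TIME = 2     # 4-octet time
SUBPKT_TRUST_SIGNATURE = 5   # 1 octet level, 1 octet amount
SUBPKT_ISSUER = 16           # 8-octet key ID
KNOWN_SUBPKTS = {SUBPKT_CREATION_TIME, SUBPKT_TRUST_SIGNATURE, SUBPKT_ISSUER}
CRITICAL_BIT = 0x80          # bit 7 of the subpacket type octet


def encode_subpacket(sptype, body, critical=False):
    """Subpacket = length (1, 2 or 5 octets), type octet, body."""
    payload = bytes([sptype | (CRITICAL_BIT if critical else 0)]) + body
    n = len(payload)
    if n < 192:
        length = bytes([n])
    elif n < 16384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return length + payload


def decode_subpacket_length(buf, i):
    """Return (length, index of the type octet) for the subpacket at buf[i]."""
    b0 = buf[i]
    if b0 < 192:
        return b0, i + 1
    if b0 < 255:
        return ((b0 - 192) << 8) + buf[i + 1] + 192, i + 2
    return struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5


def parse_subpackets(buf):
    """Return [(type, critical, body), ...] for a subpacket area."""
    out, i = [], 0
    while i < len(buf):
        n, i = decode_subpacket_length(buf, i)
        t = buf[i]
        out.append((t & 0x7F, bool(t & CRITICAL_BIT), buf[i + 1:i + n]))
        i += n
    return out


def build_certification(sig_type, issuer_keyid, created, trust=None,
                        trust_critical=False):
    """New-format signature packet (tag 2) with creation time and optional
    Trust Signature in the hashed area, issuer in the unhashed area.
    Hash-left and the MPI are placeholders (constructed example)."""
    if sig_type not in SIG_TYPES:
        raise ValueError("not a certification signature type")
    hashed = encode_subpacket(SUBPKT_CREATION_TIME, struct.pack(">I", created))
    if trust is not None:
        level, amount = trust
        if not (0 <= level <= 255 and 0 <= amount <= 255):
            raise ValueError("trust level and amount are single octets")
        hashed += encode_subpacket(SUBPKT_TRUST_SIGNATURE,
                                   bytes([level, amount]), trust_critical)
    unhashed = encode_subpacket(SUBPKT_ISSUER, issuer_keyid)
    body = bytes([4, sig_type, 1, 8])            # v4, type, RSA (1), SHA-256 (8)
    body += struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", len(unhashed)) + unhashed
    body += b"\x00\x00"                          # left 16 bits of hash: placeholder
    body += b"\x00\x01\x01"                      # one 1-bit MPI: placeholder
    return bytes([0xC2, len(body)]) + body       # 0xC0 | tag 2, 1-octet length


def parse_certification(pkt):
    """Extract signature type, Trust Signature and issuer; reject unknown
    critical subpackets as RFC 4880 5.2.3.1 requires."""
    if pkt[0] != 0xC2 or pkt[1] >= 192:
        raise ValueError("expected new-format signature packet, 1-octet length")
    body = pkt[2:2 + pkt[1]]
    if body[0] != 4:
        raise ValueError("only v4 signatures handled")
    sig_type = body[1]
    hlen = struct.unpack(">H", body[4:6])[0]
    hashed = parse_subpackets(body[6:6 + hlen])
    i = 6 + hlen
    ulen = struct.unpack(">H", body[i:i + 2])[0]
    unhashed = parse_subpackets(body[i + 2:i + 2 + ulen])
    info = {"sig_type": sig_type, "sig_type_name": SIG_TYPES.get(sig_type, "other"),
            "trust": None, "issuer": None}
    for t, critical, data in hashed:
        if t == SUBPKT_TRUST_SIGNATURE:
            info["trust"] = (data[0], data[1])
        elif critical and t not in KNOWN_SUBPKTS:
            raise ValueError("unknown critical subpacket %d" % t)
    for t, _, data in unhashed:
        if t == SUBPKT_ISSUER:
            info["issuer"] = data
    return info


def trust_signature_meaning(level, amount):
    """Level 0: ordinary certification. Level 1: signed key is a trusted
    introducer. Level n: signed key may issue level n-1 trust signatures."""
    role = {0: "ordinary certification", 1: "trusted introducer"}.get(level, "meta-introducer")
    label = {0: "none", 60: "partial", 120: "complete"}.get(amount, "unspecified")
    return {"role": role, "may_issue_level": level - 1 if level >= 1 else None,
            "amount": label}


if __name__ == "__main__":
    # Constructed scenario from the thread: employees make the CSO a
    # meta-introducer (level 2), the CSO delegates to a department officer
    # (level 1), the officer issues plain certifications (no tsig).
    cso_keyid = bytes.fromhex("0123456789abcdef")
    for who, sig_type, trust in [("employee->CSO", 0x13, (2, 120)),
                                 ("CSO->officer", 0x13, (1, 120)),
                                 ("officer->colleague", 0x12, None)]:
        info = parse_certification(build_certification(sig_type, cso_keyid, 1700000000, trust))
        print(who, info["sig_type_name"], info["trust"],
              trust_signature_meaning(*info["trust"]) if info["trust"] else "")
```

The hashed area is where the Trust Signature belongs: anything in the unhashed area is not covered by the signature and can be altered by whoever stores the key, so a verifier should ignore a trust subpacket found there.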