
Re: PoP & Signer's User ID subpacket?
David Shaw <dshaw@xxxxxxxxxxxxxxx> writes:

> Yes.  Hal suggested something similar, but to have the signing subkey
> certify the primary.

That's not sufficient.  We need both signature keys to cross-certify.
The attack without cross-certification is that I could generate a
signing key and then certify that it's a signing subkey of
president@xxxxxxxxxxxxxxx.

> Does anyone have any thoughts on the details of this?  We already have
> all the parts needed to have a signing subkey certify the primary
> (just have the subkey issue a 1F signature).  I like your suggestion
> to put it in the subkey self-signature since that will avoid the
> inevitable messiness when a subkey is deleted, but leaves behind the
> 1F signature.  Putting it in the subkey self-signature keeps things
> neat.

I think this is exactly where a notary-style double-signature is
useful (and should be required as a MUST).

> With regards to signing subkeys in general, I'd much rather fix the
> problem than drop signing subkeys.  2440 defined signing subkeys years
> ago, and they are already in use today (this message is signed by
> one).  They are very useful in a good number of situations.  To remove
> them now seems like a step backwards.

Fair enough.  I don't like it, but we can at least fix the
certification problems.

> David

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@xxxxxxx                        PGP key available
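The three certification policies the thread weighs (primary certifies subkey; subkey certifies primary; both, i.e. cross-certification) as a runnable toy, added here as an example and not code from the thread or from any OpenPGP implementation. Textbook RSA over small primes stands in for the real keys, the dict-based "certificate" and the policy names `primary_only`, `subkey_only` and `cross` are this example's own, and the embedding of the subkey's back signature inside the message the primary signs mirrors what RFC 4880 later specified as the 0x19 primary key binding signature carried inside the 0x18 subkey binding signature. Each one-sided policy accepts exactly one of the two forgeries (claiming someone else's signing subkey, or attaching one's own signing key to someone else's primary); only the cross-certified binding rejects both.

```python
"""Toy model of signing-subkey cross-certification (added example).

Textbook RSA with 64-bit primes is used only so the binding and back
signature are real, verifiable signatures; it is not suitable for any
actual use.  Requires Python 3.8+ for pow(e, -1, m).
"""
import hashlib
import random

E = 65537  # public exponent for every toy key


def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin probable-prime test, adequate for toy key sizes."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    """Random prime with the top bit set; cand % E != 1 keeps gcd(E, p-1) == 1."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if cand % E != 1 and _is_probable_prime(cand, rng):
            return cand


class Key:
    """One toy RSA keypair.  `pub` is what a certificate carries."""

    def __init__(self, rng, bits=128):
        p = _gen_prime(bits // 2, rng)
        q = p
        while q == p:
            q = _gen_prime(bits // 2, rng)
        self.n = p * q
        self.d = pow(E, -1, (p - 1) * (q - 1))
        self.pub = (self.n, E)


def _h(msg):
    # Truncated SHA-256 (96 bits) so the integer is below the 126+-bit modulus.
    return int.from_bytes(hashlib.sha256(msg).digest()[:12], "big")


def sign(key, msg):
    return pow(_h(msg), key.d, key.n)


def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _h(msg)


def _back_msg(primary_pub, subkey_pub):
    # What the *subkey* signs: "this primary is mine" (0x19-style).
    return b"primary-key-binding:" + repr((primary_pub, subkey_pub)).encode()


def _binding_msg(primary_pub, subkey_pub, back_sig):
    # What the *primary* signs: "this subkey is mine", covering the back signature.
    return b"subkey-binding:" + repr((primary_pub, subkey_pub, back_sig)).encode()


def make_binding(primary_pub, subkey_pub, primary=None, subkey=None):
    """Build a binding carrying whichever signatures the builder's private keys allow."""
    back_sig = sign(subkey, _back_msg(primary_pub, subkey_pub)) if subkey else None
    binding_sig = (sign(primary, _binding_msg(primary_pub, subkey_pub, back_sig))
                   if primary else None)
    return {"primary_pub": primary_pub, "subkey_pub": subkey_pub,
            "binding_sig": binding_sig, "back_sig": back_sig}


def accepted(cert, policy):
    """policy: 'primary_only', 'subkey_only' or 'cross' (both signatures required)."""
    pp, sp, back = cert["primary_pub"], cert["subkey_pub"], cert["back_sig"]
    back_ok = back is not None and verify(sp, _back_msg(pp, sp), back)
    bind_ok = (cert["binding_sig"] is not None
               and verify(pp, _binding_msg(pp, sp, back), cert["binding_sig"]))
    if policy == "primary_only":
        return bind_ok
    if policy == "subkey_only":
        return back_ok
    if policy == "cross":
        return bind_ok and back_ok
    raise ValueError(policy)


def scenario(seed=1):
    """Honest binding plus the two one-sided forgeries, judged under each policy."""
    rng = random.Random(seed)  # constructed, deterministic toy keys
    alice_primary, alice_sub = Key(rng), Key(rng)
    mallory_primary, mallory_sub = Key(rng), Key(rng)
    honest = make_binding(alice_primary.pub, alice_sub.pub, alice_primary, alice_sub)
    # Mallory claims Alice's (public) signing subkey under his own primary:
    # he can sign the binding, but cannot produce the subkey's back signature.
    steal_sub = make_binding(mallory_primary.pub, alice_sub.pub, primary=mallory_primary)
    # Mallory claims a key he generated is a subkey of Alice's primary:
    # he can produce the back signature, but not Alice's binding signature.
    fake_sub = make_binding(alice_primary.pub, mallory_sub.pub, subkey=mallory_sub)
    certs = {"honest": honest, "steal_sub": steal_sub, "fake_sub": fake_sub}
    return {policy: {name: accepted(c, policy) for name, c in certs.items()}
            for policy in ("primary_only", "subkey_only", "cross")}


if __name__ == "__main__":
    for policy, results in scenario().items():
        print(policy, results)
```

The table `scenario()` returns is the whole argument: `primary_only` lets Mallory adopt Alice's subkey, `subkey_only` lets Mallory's fresh key claim Alice's primary, and `cross` is the only policy under which the honest binding is the sole one accepted. Putting the back signature inside the message the primary signs is what lets the binding stand alone, which is the "keeps things neat" property the thread wants.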