Re: PoP & Signer's User ID subpacket?

[Derek Atkins <warlord@xxxxxxx>]

Sure, this is fine... Theoretically the real key owner should have
access to both private keys at the same time, so this shouldn't be an
issue.  Using a subpacket is fine.  I still belive this is a MUST ;)

-derek

David Shaw <dshaw@xxxxxxxxxxxxxxx> writes:

> > I think this is exactly where a notary-style double-signature is
> > useful (and should be required as a MUST).
> 
> So, the primary signs the subkey as before and then the subkey
> notarizes (0x50 sig) this signature?  That sounds good, but we'll end
> up with two signature packets after the signing subkey.  I'm afraid it
> would be likely to confuse pre-2440bis implementations which don't
> expect to see that extra signature there.
> 
> If we put the subkey-on-primary signature IN the original
> primary-on-subkey signature (as a new subpacket), then it won't break
> older implementations.
> 
> David

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@xxxxxxx                        PGP key available