Re: Suggestion for the signing subkey problem
Hmm, can subkeys have subkeys?
-derek
David Shaw <dshaw@xxxxxxxxxxxxxxx> writes:
> Hi everyone,
>
> I was thinking about the "stolen signing subkey" problem, and a
> slightly different solution popped up:
>
> What if we create a new "signature in a signature" subpacket that is
> defined as a regular signature contained in a subpacket? All signing
> subkeys MUST contain such a subpacket in their binding self-signature.
> The "subpacket signature" in this case is made by the signing subkey,
> and on the primary key, hashed as if for a 1F signature. The end
> result is that the signing subkey has a binding self-signature issued
> by the primary key as we do now, and that binding self-signature has
> an embedded 1F signature on the primary key data issued by the signing
> subkey itself.
>
> One of the nice benefits of using a subpacket here, rather than some
> other scheme is that we can set the critical bit of the subpacket if
> we want to "break" the signing subkey on older implementations, but at
> the same time, we don't have to.
>
> I was considering suggesting a single-purpose subpacket that could
> only be used for making a back-signature from a signing subkey on the
> primary key data, but it started to look like reinventing the wheel.
> We have a good, working, signature format. If we just stick it in a
> subpacket, we can leverage all that work.
>
> Yes, it is a little odd to contemplate the idea that a subpacket can
> contain a signature that contains subpackets which contain a
> signature... "Great fleas have little fleas upon their backs to bite
> 'em, And little fleas have lesser fleas, and so ad infinitum."
>
> Is this overkill for the exact problem at hand? Probably. On the
> brighter side, it is certainly a more general solution that could be
> useful elsewhere. For example, it might replace the (as yet unused)
> signature target subpacket: since we can just stick the target
> signature in this proposed subpacket, we don't need the current target
> subpacket anymore. It also enables interesting possibilities for the
> notary signature.
>
> David
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@xxxxxxx PGP key available
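
The verifier-side check the quoted proposal implies, as an added example that is not code from either poster: it walks a binding signature's subpacket area, shows how the critical bit "breaks" the subkey on an implementation that does not know the subpacket, and enforces the MUST on one that does. Subpacket number 32 is an assumption (the thread assigns none; RFC 4880 later used 32 for Embedded Signature), `KNOWN_OLD` and the sample bytes are constructed, and cryptographic verification of both signatures is omitted.

```python
EMBEDDED_SIG = 32  # assumption: the thread assigns no number; RFC 4880 later used 32
KEY_FLAGS, FLAG_SIGN = 27, 0x02  # RFC 4880 key flags subpacket and its "may sign data" bit
KNOWN_OLD = {2, 9, 27}  # hypothetical: subpacket types an older implementation understands

def parse_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # 255 followed by a four-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def binding_verdict(area, supports_embedded):
    """Decide whether a subkey binding signature's subpackets are acceptable."""
    subs = list(parse_subpackets(area))
    if not supports_embedded:
        # Older implementation: an unknown subpacket with the critical bit voids the signature.
        bad = any(c and t not in KNOWN_OLD for t, c, _ in subs)
        return "reject: unknown critical subpacket" if bad else "accept"
    signing = any(t == KEY_FLAGS and b and b[0] & FLAG_SIGN for t, _, b in subs)
    if not signing:
        return "accept"
    for t, _, body in subs:
        # A v4 signature body starts with the version octet, then the signature type.
        if t == EMBEDDED_SIG and body[:2] == bytes([4, 0x1F]):
            return "accept: back-signature present, still to be verified"
    return "reject: signing subkey lacks back-signature"

def subpacket(tag, body, critical=False):
    """Build one subpacket (one-octet lengths only) for the constructed samples."""
    return bytes([len(body) + 1, tag | (0x80 if critical else 0)]) + body

# Constructed sample: v4, type 0x1F, RSA, SHA-1, empty areas, dummy hash prefix and MPI.
BACK_SIG = bytes([4, 0x1F, 1, 2, 0, 0, 0, 0, 0xAB, 0xCD, 0, 8, 0xFF])
FLAGS = subpacket(KEY_FLAGS, bytes([FLAG_SIGN]))
```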