Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)

[Len Sassaman <rabbi@xxxxxxxxxxx>]

On Mon, 14 Jul 2003, David Shaw wrote:

> > I think there is value in requiring uids to be self-signed.  To allow
> > encrypt-only top-level keys, one has to make a special case.  Given
> > that they are only very limitedly useful, I'd rather not have the
> > special case.
>
> Keep in mind that this renders valid 2440 keys invalid under 2440bis.
> I can't imagine why we'd do such a thing just to gain the ability to
> require self-signed user IDs.  To be honest, I've never seen an

I am surprised that there have not been widespread attacks on OpenPGP keys
as a result of the permitted non-self-signed UIDs. I think this really
must be fixed. (And for users to add self-signatures to their existing
unsigned uids is trivial.)

> encrypt-only primary in nature.  I know of no program that generates
> them.  I've never used one except to test.  But who am I to dictate -
> in the absence of an actual security-related reason - to someone else
> what type of key they may have?

That's what making an interoperable protocol is all about. (I'll also
argue that interoperability is a security-related reason in and of
itself.)

> Note that GnuPG doesn't have any special support for encrypt-only
> primary keys, but because of the nice general design of v4 keys, where
> any key (primary or subkey) can be of any type, encrypt-only primaries
> work just fine.  I don't have a copy of PGP handy (I'm traveling), but
> I suspect that they'll "just plain work" in PGP as well.  My point
> here is that it would take additional code and additional complexity
> to *prevent* encrypt-only primaries from working... so why mess around
> with this, especially since there is no security-related reason for
> it?

Simplicity is a good reason, as is the robustness of the OpenPGP system.