[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)

To: Jon Callas <jon@xxxxxxxxxx>
Subject: Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)
From: David Shaw <dshaw@xxxxxxxxxxxxxxx>
Date: Sun, 20 Jul 2003 08:34:17 -0400
Cc: OpenPGP <ietf-openpgp@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Mail-followup-to: Jon Callas <jon@callas.org>, OpenPGP <ietf-openpgp@imc.org>
References: <> <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Mutt/1.5.4i

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Jul 20, 2003 at 03:05:14AM -0700, Jon Callas wrote:
> 
> >>> Can you explain what troubles you about encrypt-only primaries?
> >> 
> >> Aside from being an unclean exception to a simple model :-?
> > 
> > I don't see exceptions here.  The model is quite clearly and simply
> > stated in 2440.  Any key can be of any type.  There are no exceptions.
> > Does this mean that there are possible arrangements of packets that
> > make no sense?  Sure, so don't do that.
> > 
> > I see your suggestion as adding an exception: any key can be of any
> > type, except that the primary must be able to certify.
> 
> 2440 already says that a top-level key must be able to sign.

I'm not sure 2440 says that.  The relevant bit is in section 11.1,
which says "In a key that has a main key and subkeys, the primary key
MUST be a key capable of signing."

I took this, perhaps wrongly, at face value - that is, if a key had
subkeys, the primary had to be able to sign (for the binding
signatures, presumably).  The flip side of this is that if a key does
not have subkeys (and there is nothing wrong with a V4 key without
subkeys), the primary did not have to be able to sign.

Did I misinterpret the intent in 2440 there?  If "a key that has a
main key and subkeys" was intended to mean "V4 key", then I strongly
suggest changing it to say "V4 key" explicitly to avoid the confusion
that spawned a good bit of this thread.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE/GoxJ4mZch0nhy8kRAiK6AKC88In7Cidl9koc6/RpUNMtr6tCYgCfdlaO
LbD2O+VjN0IyT2Rb1zEC7z4=
=zqVR
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)
  - From: Jon Callas

References:
- Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)
  - From: David Shaw
- Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)
  - From: Jon Callas

Prev by Date: Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)
Next by Date: Re: Adding in BZ2 compression?
Previous by thread: Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)
Next by thread: Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)
Index(es):
- Date
- Thread