Re: Signature calculation language

[David Shaw <dshaw@xxxxxxxxxxxxxxx>]

On Tue, Oct 11, 2005 at 01:44:53PM -0700, Jon Callas wrote:
> On 5 Oct 2005, at 2:11 PM, Hal Finney wrote:

> >    0x18: Subkey Binding Signature
> >        This signature is a statement by the top-level signing key  
> >that
> >        indicates that it owns the subkey. This signature is  
> >calculated
> >        directly on the subkey itself, not on any User ID or other
> >        packets. A signature that binds a signing subkey also has an
> >        embedded signature subpacket in this binding signature which
> >        contains a 0x19 signature made by the signing subkey on the
> >        primary key.
> >
> >The signature is actually calculated over both the primary key and
> >subkey packets, although here it says it is not calcualted over any
> >other packets.
> >
> >(A separate issue is that the last sentence here should have a SHOULD:
> >"A signature that binds a signing subkey SHOULD have an embedded...")
> >
> 
> Done.

Wondering - should the embedded 0x19 signature be a MUST?  Lacking a
0x19 allows the signing subkey to be "stolen" onto another primary
key.

David