[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: subkey binding sigs q

Erron writes:

> Does a subkey binding sig only perform the hash on the subkey (incl. 0x99, 
> packet body and keys), as stated in 5.2.1 for a 0x18 signature type or:
> does the hashable data for a subkey binding sig mirror that as stated in 5.2.4:
> "A subkey signature (0x18) THEN hashes the subkey..."
> I'm assuming the THEN means that you hash the main key before the subkey, 
> subsequently contradicting 5.2.1.

The description in 5.2.1 is really very general:

   0x18: Subkey Binding Signature
         This signature is a statement by the top-level signing key
         indicates that it owns the subkey. This signature is calculated
         directly on the subkey itself, not on any User ID or other

This is meant to convey that the signature does not cover "siblings"
of the subkey, like other subkeys or userid packets.  The description
in 5.2.4 is correct; the hash is over the top-level key plus the subkey.

> PS: Where's the best place to insert a type 0x30 as it's not defined in 
> 11.1...before the certification sig or after...or doesn't it matter?

A type 0x30 is a subkey revocation signature.  I don't think it matters
whether it goes before or after the subkey certification sig.  I think
we put it before.

> PSS: Are public and secret keyrings supposed to interoperate with other 
> versions of OpenPGP?

No, OpenPGP does not specify keyring formats.

> PSSS: If PSS=yes, then shouldn't we define the makeup of a private/public 
> key-ring better than that explained in 11.1 (re exact locations and order/s 
> of packets etc etc).