[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PoP & Signer's User ID subpacket?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Jul 13, 2003 at 11:37:24PM -0400, Michael Young wrote:
> 
> "David Shaw" <dshaw@xxxxxxxxxxxxxxx> writes:
> > The only thing that really troubles me about the idea is that it
> > raises problems for the (legal, to my reading of 2440) encrypt-only v4
> > key.
> 
> This doesn't trouble me... I strongly believe that we should
> remove the loophole that allows encrypt-only top-level v4 keys,
> for exactly this reason.  (I was astounded when David pointed out
> the seemingly permissive language in another forum.)

Just so we're all clear, Michael and I had been discussing the
legality of a v4 encrypt-only primary WITHOUT any subkeys.  An
encrypt-only key WITH subkeys is clearly forbidden in 2440 both
implicitly (an encrypt-only primary key could not issue the
non-optional subkey binding signatures) and explicitly ("In a key that
has a main key and subkeys, the primary key MUST be a key capable of
certification.").

This is just a primary key that happens to be of an encrypt-only
algorithm (presumably #16, since there is no way to express an
encrypt-only primary key with algorithm #1 (you would need to use #2,
which is deprecated)).

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE/Ekif4mZch0nhy8kRAsNVAJ9ZgvUVZnrGFm07uMzgdTmeBansagCfeIC5
IX3KeeSgLEuFe0nfbZz6lHU=
=JUAl
-----END PGP SIGNATURE-----