Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, Jul 18, 2003 at 09:13:41AM -0700, Len Sassaman wrote:
> On Thu, 17 Jul 2003, David Shaw wrote:
>
> > > Simplicity is a good reason, as is the robustness of the OpenPGP system.
> >
> > I'm afraid I don't understand your response. Simplicity is a good
> > reason to add complexity? (??)
>
> I think that saying "all v4 primary keys are signature keys" actually
> simplifies things. You may disagree.

Ah, ok. I didn't parse your response properly.

I'm of mixed feelings on the "primary is a signing key" issue. There is
definite appeal to having all non-signature items in a key be bound
there by signatures. As things stand now, subkeys are bound, but user
IDs/attributes might not be. There is a nice annoyance attack in the
wait there.

I do wonder what this case would mean in regards to the discussion
though:

1) Generate an RSA sign+encrypt key. Naturally the user ID on that key
   should have a self-signature.

2) Now change the key flags so that the primary is encrypt-only.

Is that an "encrypt-only" key?

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE/GCoN4mZch0nhy8kRAhyYAKC8qaI6HL4aPy1/xJJi04nM8ISc1QCdHs3X
NWg2+tNJl1n48jzhofMOTE0=
=mm0s
-----END PGP SIGNATURE-----