[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, Jul 18, 2003 at 09:13:41AM -0700, Len Sassaman wrote:
> On Thu, 17 Jul 2003, David Shaw wrote:
> > > Simplicity is a good reason, as is the robustness of the OpenPGP system.
> > I'm afraid I don't understand your response. Simplicity is a good
> > reason to add complexity? (??)
> I think that saying "all v4 primary keys are signature keys" actually
> simplifies things. You may disagree.
Ah, ok. I didn't parse your response properly.
I'm of mixed feelings on the primary is a signing key issue. There is
definite appeal to having all non-signature items in a key be bound
there by signatures. As things stand now, subkeys are bound, but user
IDs/attributes might not be. There is a nice annoyance attack in the
I do wonder what this case would mean in regards to the discussion
1) Generate a RSA sign+encrypt key. Naturally the user ID on that key
should have a self-signature.
2) Now change the key flags so that the primary is encrypt-only.
Is that an "encrypt-only" key?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
-----END PGP SIGNATURE-----