This concern applies, IMHO, when the keyholder derives power from the thing
that is signed, as opposed to the normal course of business in which the thing
signed derives power from the key.
In the normal case, the key itself gets power because someone certifies it. If
it's a subkey and the world knows a keyholder by primary key, then you need a
signature from the primary key to the subkey.
In this other case, if the source of the power (the thing signed) is capable of
signing things, then it needs to sign the subkey, to transmit its power to that
key.
If the source of the power is not capable of signing things, then there's no
way to construct a cryptographic proof.
For example, the thing granting power might be a patent application. How would
this grant power to a key?
If someone wants to sign the patent app while transmitting it to the USPTO,
that's fine, but that signature doesn't mean anything. The power comes from
having the patent app be signed and time-stamped by the USPTO. If that app
includes the hash of the user's signing key, then there is a chain of
empowerment established with all the arrow heads pointing in the same direction
- and that's the minimum requirement for whatever we're talking about to be
meaningful.
- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme(_at_)acm(_dot_)org http://theworld.com/~cme |
| PGP: 75C5 1814 C3E3 AAA7 3F31 47B9 73F1 7E3C 96E7 2B71 |
+---Officer, arrest that man. He's whistling a copyrighted song.---+