On Tue, Sep 20, 2005 at 10:33:37AM -0700, "Hal Finney" wrote:
Perhaps we should clarify the language in the RFC to eliminate any
such ambiguity. 184.108.40.206, the Issuer subpacket, just says:
The OpenPGP key ID of the key issuing the signature.
We could add "If the signature is issued by a subkey then the key ID of
this subkey is used here instead of the key ID of the primary key."
We do have similar language in 5.2 for PKESKs:
- An eight-octet number that gives the key ID of the public key
that the session key is encrypted to. If the session key is
encrypted to a subkey then the key ID of this subkey is used
here instead of the key ID of the primary key.
I think that is reasonable, but it would need to be mentioned in
several places (in bis-14): 5.2.2 (V3 signatures), 220.127.116.11 (issuer
subpacket), and 5.4 (Onepass signature packet). Perhaps something
could be said in 3.3 (Key IDs) that covers them all?