
Re: [openpgp] details of 4880bis work

2015-04-16 05:16:43
On Thu, 16 Apr 2015 10:32, look@my.amazin.horse said:

> Can someone explain why key usage and preference flags for the primary
> were made part of user id signatures instead of a direct key signature

Note that you may put them into a direct key signature.

Assume you use the same key for home and work.  You have two user ids
but at home you use an implementation and preferences you like while at
work you have to comply with company policies and thus different
preferences.

Right, that is a bit artificial and, for example, gpg uses a direct key
signature or the latest user id to get the key flags and preferences.

> or something of the sort?  I felt like this added a lot of complexity
> and non-determinism to those parts of the implementation which dealt
> with that.

Remember that you anyway need to implement a policy on how to work with
multiple self-signatures on the same user id, or with multiple direct key
signatures.

> Secondly, (this came up somewhere else), I'm not convinced at all that
> designated revokers (5.2.3.15) are a good idea. Is there a significant
> advantage over just handing the person a revocation certificate of your
> key? I remember deciding against implementing this feature at some point

That requires that you still have access to a pre-generated revocation
certificate and that you are able to use it.  A designated revoker
also allows creating a revocation certificate with a valid
reason code and not just a catch-all reason code.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
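The selection policy Werner describes (take key flags and preferences from a direct key signature if there is one, otherwise from the latest user-ID self-signature, and with several self-signatures on one user ID let the newest win), written out as an added example; this is not code from the thread or from GnuPG. The signature type, subpacket numbers and key-flag bits are RFC 4880 values; the `SelfSig` record, the function names and the sample signatures are constructed for the example.

```python
"""Pick the self-signature that governs a primary key's flags and preferences.
Constants are RFC 4880 values; SelfSig and the sample records are constructed."""
from dataclasses import dataclass, field
from typing import Optional

SIG_DIRECT_KEY = 0x1F      # signature directly on a key
SIG_POSITIVE_CERT = 0x13   # positive certification of a User ID
SUBPKT_PREF_SYM = 11       # preferred symmetric algorithms subpacket
SUBPKT_KEY_FLAGS = 27      # key flags subpacket
KEY_FLAG_NAMES = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-comms",
                  0x08: "encrypt-storage", 0x20: "authenticate"}
@dataclass
class SelfSig:
    sig_type: int
    created: int                    # signature creation time (subpacket 2)
    user_id: Optional[str]          # None for a direct key signature
    subpackets: dict = field(default_factory=dict)   # subpacket type -> body
def decode_key_flags(data: bytes) -> set:
    # only the first octet carries defined bits; an empty body means no flags
    return {n for bit, n in KEY_FLAG_NAMES.items() if data and data[0] & bit}

def select_governing_sig(sigs) -> Optional[SelfSig]:
    # direct key signature wins; otherwise the newest user-ID self-signature
    direct = [s for s in sigs if s.sig_type == SIG_DIRECT_KEY]
    if direct:
        return max(direct, key=lambda s: s.created)
    newest = {}   # several self-sigs on one user ID: keep only the latest
    for s in (s for s in sigs if s.sig_type == SIG_POSITIVE_CERT):
        if s.user_id not in newest or s.created > newest[s.user_id].created:
            newest[s.user_id] = s
    return max(newest.values(), key=lambda s: s.created) if newest else None

def resolve_capabilities(sigs) -> Optional[dict]:
    sig = select_governing_sig(sigs)
    if sig is None:
        return None       # no self-signature at all: nothing to trust
    return {"source": "direct-key" if sig.user_id is None else sig.user_id,
            "key_flags": decode_key_flags(sig.subpackets.get(SUBPKT_KEY_FLAGS, b"")),
            "pref_sym": list(sig.subpackets.get(SUBPKT_PREF_SYM, b""))}
# Constructed sample: home and work user IDs with different preferences; the
# work ID was re-signed later.  Algorithm ids 9/8/7 = AES-256/192/128.
SAMPLE_SIGS = [
    SelfSig(SIG_POSITIVE_CERT, 1_400_000_000, "Alice <alice@home.example>",
            {SUBPKT_KEY_FLAGS: b"\x03", SUBPKT_PREF_SYM: b"\x09\x08"}),
    SelfSig(SIG_POSITIVE_CERT, 1_410_000_000, "Alice <alice@work.example>",
            {SUBPKT_KEY_FLAGS: b"\x01", SUBPKT_PREF_SYM: b"\x07"}),
    SelfSig(SIG_POSITIVE_CERT, 1_420_000_000, "Alice <alice@work.example>",
            {SUBPKT_KEY_FLAGS: b"\x03", SUBPKT_PREF_SYM: b"\x09"}),
]
```

Running `resolve_capabilities(SAMPLE_SIGS)` picks the newer work self-signature, while adding a direct key signature to the list overrides all user-ID self-signatures regardless of their creation times.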