At 11:07 AM 5/23/98 +0200, Patrick Feisthammel wrote:
> In 10.1 Transferable Public Keys:
>
>     Each Subkey packet must be followed by at least one Signature
>     packet, which should be of the subkey binding signature type, issued
>     by the top level key.
>
>     Subkey and Key packets may each be followed by a revocation
>     Signature packet to indicate that the key is revoked.
>
> and in 11.1. Key Structures:
>
>     Primary-Key
>        [Revocation Self Signature]
>        [Direct Key Self Signature...]
>        User ID [Signature ...]
>        [User ID [Signature ...] ...]
>        [Subkey Primary-Key-Signature ...]
>
>     A subkey always has a single signature after it that is issued using
>     the primary key to tie the two keys together.
>
> 11.1 contradicts 10.1 because it says there is a _single_ signature after
> the subkey. But in 10.1 there is _at least one_ signature.

10.1 is wrong. There is exactly one binding signature on a subkey. I've
amended that paragraph to read:

    Each Subkey packet must be followed by one Subkey Binding Signature packet
    issued by the top level key.

> I'm also not sure about the revocation signature, I guess the key
> structure is:

You've pointed out an unclear place in the key structure chart, too. The
answer here is easy to describe but harder to write in this syntax.
Ordinarily, the subkey is followed by exactly one binding signature.
However, if there is a revocation of the binding signature, you may trim
off the binding signature.

I have redrawn the picture to be:

    Primary-Key
       [Revocation Self Signature]
       [Direct Key Self Signature...]
       User ID [Signature ...]
       [User ID [Signature ...] ...]
       [[Subkey [Binding-Signature-Revocation]
               Primary-Key-Binding-Signature] ...]

and added the paragraph:

    In the above diagram, if the binding signature of a subkey has been
    revoked, the revoked binding signature may be removed, leaving only one
    signature.

Jon
-----
Jon Callas jon(_at_)pgp(_dot_)com
CTO, Total Network Security 3965 Freedom Circle
Network Associates, Inc. Santa Clara, CA 95054
(408) 346-5860
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)
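
The redrawn key structure and its added paragraph, written out as a packet-order check. This is an added example, not part of the original message or of any OpenPGP implementation; the packet labels are hypothetical symbolic names and the sample sequence is constructed.

```python
# Added example. The labels are hypothetical symbolic names for packets that
# have already been parsed; they are not OpenPGP wire-format tag values.
PRIMARY, KEY_REVOCATION, DIRECT_SIG = "primary-key", "revocation-self-sig", "direct-key-self-sig"
USER_ID, CERT_SIG = "user-id", "signature"
SUBKEY, BINDING_REVOCATION, BINDING_SIG = "subkey", "binding-sig-revocation", "binding-sig"

# What may follow a Subkey, per the redrawn diagram and the added paragraph.
ALLOWED_AFTER_SUBKEY = (
    [BINDING_SIG],                      # ordinary case: exactly one binding signature
    [BINDING_REVOCATION, BINDING_SIG],  # revoked, binding signature kept
    [BINDING_REVOCATION],               # revoked, binding signature trimmed off
)

def check_key_structure(packets):
    """Return a list of ordering problems; an empty list means the sequence fits.

    Checks packet order only; no signature is verified cryptographically."""
    pos = 0
    errors = []

    def peek():
        return packets[pos] if pos < len(packets) else None

    if peek() != PRIMARY:
        return ["sequence must start with the primary key"]
    pos += 1
    if peek() == KEY_REVOCATION:        # [Revocation Self Signature]
        pos += 1
    while peek() == DIRECT_SIG:         # [Direct Key Self Signature...]
        pos += 1
    user_ids = 0
    while peek() == USER_ID:            # User ID [Signature ...], repeated
        user_ids += 1
        pos += 1
        while peek() == CERT_SIG:
            pos += 1
    if user_ids == 0:
        errors.append("no User ID after the primary key")
    while peek() == SUBKEY:
        start, sigs = pos, []
        pos += 1
        while peek() in (BINDING_REVOCATION, BINDING_SIG):
            sigs.append(peek())
            pos += 1
        if sigs not in ALLOWED_AFTER_SUBKEY:
            errors.append(f"subkey at index {start}: {sigs} does not fit the diagram")
    if pos < len(packets):
        errors.append(f"unexpected {packets[pos]!r} at index {pos}")
    return errors

if __name__ == "__main__":
    print(check_key_structure([PRIMARY, USER_ID, CERT_SIG, SUBKEY, BINDING_SIG]))  # constructed sample
```

A subkey followed by two binding signatures, which the old "at least one" wording in 10.1 would have allowed, is reported as a problem here.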