ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Version 4 keystructure

1998-06-01 10:48:49
from [Jon Callas] [Permanent Link] 
At 11:07 AM 5/23/98 +0200, Patrick Feisthammel wrote:

   In 10.1 Transferable Public Keys:
   
      Each Subkey packet must be followed by at least one Signature
      packet, which should be of the subkey binding signature type, issued
      by the top level key.
   
      Subkey and Key packets may each be followed by a revocation
      Signature packet to indicate that the key is revoked.
   
   and in 11.1. Key Structures:
   
              Primary-Key
                 [Revocation Self Signature]
                 [Direct Key Self Signature...]
                  User ID [Signature ...]
                 [User ID [Signature ...] ...]
                 [Subkey Primary-Key-Signature ...]
   
      A subkey always has a single signature after it that is issued using
      the primary key to tie the two keys together. 
   
   
   11.1 contradicts 10.1 because it says there is a _single_signature after 
   the subkey. But in 10.1 there is _at least one_ signature.

10.1 is wrong. There is exactly one binding signature on a subkey. I've
amended that paragraph to read:

Each Subkey packet must be followed by one Subkey Binding Signature packet
issued by the top level key.

   I'm also not sure about the revocation signature, I guess the key
   structure is:
   
You've pointed out an unclear place in the key structure chart, too. The
answer here is easy to describe but harder to write in this syntax.
Ordinarily, the subkey is followed by exactly one binding signature.
However, if there is a revocation of the binding signature, you may trim
off the binding signature.
   
I have redrawn the picture to be:

    Primary-Key
       [Revocation Self Signature]
       [Direct Key Self Signature...]
        User ID [Signature ...]
       [User ID [Signature ...] ...]
       [[Subkey [Binding-Signature-Revocation]
               Primary-Key-Binding-Signature] ...]

and added the paragraph:

In the above diagram, if the binding signature of a subkey has been
revoked, the revoked binding signature may be removed, leaving only one
signature.

        Jon

-----
Jon Callas                                  jon(_at_)pgp(_dot_)com
CTO, Total Network Security                 3965 Freedom Circle
Network Associates, Inc.                    Santa Clara, CA 95054
(408) 346-5860                              
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
              665B 797F 37D1 C240 53AC 6D87 3A60 4628           (RSA)
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  Silence is Consent Dept., Jon Callas
Next by Thread:  More (some already reported) spec nits, dontspam-tzeruch
Indexes:  [Date] [Thread] [Top] [All Lists]