ietf-openpgp

Re: key flags -- what do they mean?

1999-03-08 18:55:12
My concern is that these key flags carry implications which are
inconsistent with other aspects of the spec.

What does a certification mean?  Let us focus on a certification without
any special flags or subpackets.  It is a simple binding, by the signer,
between key and userid.  It is an assertion that "this key belongs to
this person".

Now with the key flags, we have a new element.  The idea is that the
signer can turn on some flags and turn off others, and request that his
certification be ignored if the key is being used for a purpose not in
the listed set of flags.

In effect, the key flags are an attempt to take away some of the meaning
of the certification.  The signer is trying to say, "I certify that
this key belongs to this person, but I want you to pretend that I never
said any such thing if the key is being used for a purpose not on my
approved list."

Why would I, as a third party who sees his certification, ever want to
discard information in this manner?  He's plainly stated that he has
certified the binding of the key to the user.  If I believe that he is
honest and diligent, then this adds to my belief that the key is valid.
Just because the key may be later used in a manner he would frown on,
that doesn't make it invalid.  The binding between userid and key is
valid independently of use.

This is the problem that I have with this use of the key flags.  There is
no logical connection between the key signer's hopes for how the key
would be used, and the certification of validity which the signer makes.
By trying to make these completely independent and orthogonal concepts
become dependent on each other, the key flags are not consistent with
the other semantics of our key signatures.

Hal