
Re: key flags -- what do they mean?

1999-03-08 21:54:07

In <3.0.3.32.19990308164420.03c21cb0@mail.pgp.com>, on 03/08/99 at 07:44 PM,
Jon Callas <jcallas@NAI.com> said:

An example is in order. Suppose that I have signed Joe Blow's key with
key flags for encryption, but not signing. You have me as a fully trusted
introducer. If you're going to encrypt a message to Joe, you consider his
key valid, because I have signed it. If you are validating a signature
that key has made, you don't consider it valid because your validity
calculation extends from my certification signature, which doesn't
include signatures. 

Perhaps I am a little slow here, but this does not make sense. My
understanding of an Identity CA like Verisign is that it verifies and
certifies the identity of a keyholder, not what he is going to do with the
key. If Verisign signs my key certifying that the holder of public key
0xFFFFFFFF is William H. Geiger III, what difference does it make what I am
doing with that key? If Verisign wants to sign keys signifying more than
that, then they should have a separate signing key to do so (one key to
certify identity, a separate key to certify someone as a CA).

It seems that there is an attempt to push PGP down the same ugly path that
X.509 has gone down. Using the key as a payload for dynamic data opens up
a whole list of problems that PGP does not need to be saddled with.

--
---------------------------------------------------------------
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
---------------------------------------------------------------
 
Tag-O-Matic: Don't be held back by yesterday's DOS!  Try today's OS/2!

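A toy model of the two readings argued about in this exchange, as an added example that is not code from the post or from any OpenPGP implementation: under the scoped reading a certification only extends validity for the usages named in its key flags, under the identity-only reading it extends validity for every usage. The key ids, the trusted-introducer set and the single certification are constructed for illustration.

```python
from dataclasses import dataclass

ENCRYPT, SIGN = "encrypt", "sign"


@dataclass(frozen=True)
class Certification:
    signer: str        # key id of the certifying (introducer) key
    subject: str       # key id being certified
    flags: frozenset   # usages the certifier vouches for


def key_valid_for(subject, usage, certs, trusted_introducers, scoped):
    """Return True if `subject` is considered valid for `usage`.

    Validity here comes from one direct certification made by a fully
    trusted introducer (no chaining, no partial trust, to keep the model small).

    scoped=True  : the certification extends validity only for the usages
                   listed in its key flags (the reading the post quotes).
    scoped=False : the certification vouches for identity alone, so it
                   extends validity for any usage (the reply's reading).
    """
    for cert in certs:
        if cert.subject != subject or cert.signer not in trusted_introducers:
            continue
        if not scoped or usage in cert.flags:
            return True
    return False


# Constructed scenario: the introducer certifies "joe" with only the
# encryption flag set, and the verifier fully trusts that introducer.
CERTS = [Certification("introducer", "joe", frozenset({ENCRYPT}))]
TRUSTED = {"introducer"}


def compare_readings(subject="joe"):
    """Validity of `subject` for each usage under both readings."""
    return {
        "scoped":   {u: key_valid_for(subject, u, CERTS, TRUSTED, True)  for u in (ENCRYPT, SIGN)},
        "identity": {u: key_valid_for(subject, u, CERTS, TRUSTED, False) for u in (ENCRYPT, SIGN)},
    }
```

With the scoped reading a signature from Joe's key is rejected even though the same certification makes the key valid for encryption; with the identity-only reading the certification settles both questions at once.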