ietf-openpgp

Re: key flags -- what do they mean?

1999-03-10 12:34:37
At 09:13 AM 3/10/99 +0100, Thomas Roessler wrote:
|On 1999-03-09 17:33:39 -0800, Jon Callas wrote about CA flags:

|I don't understand this.  Is it possible that you are confusing
|recommendations and "usual" certificates here?
|

I don't believe that I'm confusing things. What I'm saying is that since a
"normal" PGP key can be used for any purpose, a key that has no key flags
on it obviously is equivalent to these flags being 1. (That byte also
contains some other flags that are obviously zero if not present. If
there's a flaw in the definition, I think it's here.)

|We have well-defined recommendations ("trust signatures") in the
|spec. It would thus be silly to assume that a plain (user-id, key)
|certification implies any recommendation about the signee.  This
|means that the CA flag would just be a no-op on any certificates,
|and completely useless for actual CA use.
|

I disagree. If a CA wants to explicitly state that a signature is a "leaf
certificate" it puts a zero certification flag on its signature. That's
about the only real use for third-party key flags.

|The only reasonable interpretation would be that the "default" CA
|flag (i.e., the meaning of no such sub-packet) should be 0, i.e.,
|"don't pass trust".  This is actually consistent with the phrasing
|in the spec which says that "missing" flags should default to 0.
|

Given that the standard PGP way of dealing with key signatures is that the
user may pass trust any old way they choose (by setting introducers, etc.),
I have to disagree that that's the *only* reasonable interpretation.

Throughout the life of PGP, there has been a grand, unanswered question:
what does it mean to sign someone else's key? Many people have their own
opinions, but there's no agreement on it.

I know people who refuse to sign other people's keys because they believe
that it exposes them to liability. I don't understand this, but hey. One of
the reasons "local" signatures were created was that these people never
signed any keys whatsoever, and it kinda made the web of trust hard to work
with when all the keys someone dealt with were considered invalid.

There are other people who don't mind signing other people's keys, but
don't want their signatures used in further validity calculations. (Alice
is willing to sign Bob's key, but Alice doesn't want to imply that she
thinks Bob is at all competent to sign.) All this flag does is allow Alice
to say that.

|To put it short: The key flag spec is seriously flawed.  We may wish
|to revise this in a future version.

I disagree completely. It's a subtle concept, but it is the solution to a
flaw that exists without it.

        Jon



-----
Jon Callas                                  jon@pgp.com
CTO, Total Network Security                 3965 Freedom Circle
Network Associates, Inc.                    Santa Clara, CA 95054
(408) 346-5860                              
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
              665B 797F 37D1 C240 53AC 6D87 3A60 4628           (RSA)
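Added example, not code from the list, from PGP or from any OpenPGP implementation, showing what the disagreement above turns on: a parser for an RFC 2440 signature subpacket area that finds the key flags subpacket (type 27) and interprets its absence either as Callas reads it (the usage bits count as set) or as Roessler reads it (missing flags default to 0). The function names, the `absent_means_all` switch and the sample subpacket bytes are constructed here.

```python
# Added example for this thread; not code from the list or from PGP. Subpacket
# encoding and flag bits follow RFC 2440 section 5.2.3; sample data is constructed.
KEY_FLAGS = 27  # subpacket type for key flags
FLAG_BITS = {   # first octet of the key flags body (RFC 2440)
    0x01: "certify",                # the "CA" flag argued over in the thread
    0x02: "sign",
    0x04: "encrypt-communications",
    0x08: "encrypt-storage",
    0x10: "private-key-split",      # these two describe the private key,
    0x80: "private-key-shared",     # not a usage, and are 0 when absent
}

def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # 1-octet length
            length, i = first, i + 1
        elif first < 255:                     # 2-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # 5-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket length")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def key_flags(area: bytes, absent_means_all: bool = True) -> set:
    """Flag names conveyed by the key flags subpacket of one signature.

    absent_means_all=True is Callas's reading: a key with no key flags is
    usable for any purpose, so the four usage bits (0x0F) count as set.
    absent_means_all=False is Roessler's reading: missing flags default to 0.
    """
    for sp_type, _critical, body in parse_subpackets(area):
        if sp_type == KEY_FLAGS:
            return {name for bit, name in FLAG_BITS.items() if body[0] & bit}
    if absent_means_all:
        return {name for bit, name in FLAG_BITS.items() if bit & 0x0F}
    return set()

# Constructed subpacket areas, as they would sit in a certification signature.
CREATION_TIME = b"\x05\x02\x36\xe6\xb7\xb9"        # type 2, 4-octet timestamp
NOTATION_200 = b"\xc0\x08\x14" + b"\x00" * 199     # type 20, 2-octet length form
LEAF_CERT = CREATION_TIME + b"\x02\x1b\x00"        # key flags 0x00: "leaf certificate"
CERTIFY_SIGN = NOTATION_200 + b"\x02\x1b\x03"      # key flags certify|sign
NO_FLAGS = CREATION_TIME                           # key flags subpacket absent
```

`LEAF_CERT` is the case Callas describes: a CA putting a zero certification flag on its signature to say the signee is not to be treated as a further introducer.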