Erron writes:
Does a subkey binding sig only perform the hash on the subkey (incl. 0x99,
packet body and keys), as stated in 5.2.1 for a 0x18 signature type or:
does the hashable data for a subkey binding sig mirror that as stated in
5.2.4:
"A subkey signature (0x18) THEN hashes the subkey..."
I'm assuming the THEN means that you hash the main key before the subkey,
subsequently contradicting 5.2.1.
The description in 5.2.1 is really very general:
0x18: Subkey Binding Signature
This signature is a statement by the top-level signing key
indicates that it owns the subkey. This signature is calculated
directly on the subkey itself, not on any User ID or other
packets.
This is meant to convey that the signature does not cover "siblings"
of the subkey, like other subkeys or userid packets. The description
in 5.2.4 is correct; the hash is over the top-level key plus the subkey.
PS: Where's the best place to insert a type 0x30 as it's not defined in
11.1...before the certification sig or after...or doesn't it matter?
A type 0x30 is a subkey revocation signature. I don't think it matters
whether it goes before or after the subkey certification sig. I think
we put it before.
PSS: Are public and secret keyrings supposed to interoperate with other
versions of OpenPGP?
No, OpenPGP does not specify keyring formats.
PSSS: If PSS=yes, then shouldn't we define the makeup of a private/public
key-ring better than that explained in 11.1 (re exact locations and order/s
of packets etc etc).
N/A.
Hal