-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 06 Jun 2003 10:39:30 +0200, you wrote:
Hi!
I know that we are short of releasing a new RFC and bis-08 looks
really good. Due to the project I am currently working on I'd like to
suggest a small enhancement:
5.2.3.21. Key Flags
[...]
0x20 - This key may be used for authentication.
Usage notes are not necessary and it should be left to an
implementation on how to handle this key flag.
There are drafts and actual implementations to use OpenPGP keys with
TLS and ssh. Thus, having a subkey specially for this purpose seems
to be a good idea. A key with key flag 0x02 (sign data) could be used
for authentication too but this has the problem that there would be no
easy way to select the appropriate subkey for data signing or
authentication purposes. As a workaround an implementation could use
notation data but this would be implementation dependent and a kind of
hack.
What do you think?
Hello Werner,
This is what I think:-
Why not just create a key dedicated for the purposes of TLS or SSH.
I would like to propose that signing sub keys be disallowed in OpenPGP.
While an encryption key concerns the key holder, a signing key is
of concern to others. PGP users identify keys and publicize theirs
by the master key ID and fingerprint. These are also the primary keys
used by key servers.
As I understand it, sub keys are only justified in the following
circumstances:-
1) When the public key algorithm does not support encryption (e.g. DSA).
2) In agreement with a school of thought, which recommends that
it is good practice not to use the same key for signing and
encryption.
Any other arguments beyond the above, are just eccentricities,
and will be better addressed by creating another key.
Therefore, for the sake of simplicity, please permit me to propose
that an OpenPGP key be a Master Key of an OpenPGP public key algorithm
suitable for signing, and ONE optional encryption sub key of an
OpenPGP public key algorithm suitable for encryption PERIOD.
It is evident that sub keys seem to be evolving beyond their
intended use. Let's clean up that mess before it is too late.
What do you think?
Werner
Best Regards
Imad R. Faiad
-----BEGIN PGP SIGNATURE-----
Version: 8.0.2irf
Comment: KeyID: 0xBCC31718833F1BAD
Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45
-----END PGP SIGNATURE-----
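The subkey-selection problem in the quoted proposal, as an added example that is not code from either poster: the selector prefers a subkey carrying the proposed 0x20 authentication flag and falls back to a 0x02 signing subkey only when no dedicated one exists, which is exactly the ambiguity the flag is meant to remove. Flag values other than 0x02 and 0x20 are taken from the Key Flags subpacket as later standardised in RFC 4880 (first octet); the keyring and key IDs are constructed sample data, and the names `Subkey`, `flags_of` and `select_subkey` are this example's own.

```python
# Added example, not from the mailing-list thread. Key Flags octet values
# follow RFC 4880 section 5.2.3.21; subkeys below are constructed samples.
from dataclasses import dataclass
from typing import List, Optional

KEY_FLAG_CERTIFY = 0x01
KEY_FLAG_SIGN = 0x02            # "sign data", discussed in the proposal
KEY_FLAG_ENCRYPT_COMMS = 0x04
KEY_FLAG_ENCRYPT_STORAGE = 0x08
KEY_FLAG_AUTH = 0x20            # the authentication flag being proposed


@dataclass
class Subkey:
    key_id: str        # constructed placeholder, not a real key ID
    key_flags: bytes   # raw Key Flags subpacket body (one or more octets)


def flags_of(sub: Subkey) -> int:
    """First octet of the Key Flags subpacket, or 0 if the packet is empty."""
    return sub.key_flags[0] if sub.key_flags else 0


def select_subkey(subkeys: List[Subkey], purpose: str) -> Optional[Subkey]:
    """Pick the subkey for 'auth', 'sign' or 'encrypt'.

    With a dedicated 0x20 flag the authentication subkey is unambiguous.
    A 0x02 signing subkey is accepted for authentication only as a
    fallback, because the key holder's intent cannot be read from it.
    """
    wanted = {
        "auth": KEY_FLAG_AUTH,
        "sign": KEY_FLAG_SIGN,
        "encrypt": KEY_FLAG_ENCRYPT_COMMS | KEY_FLAG_ENCRYPT_STORAGE,
    }[purpose]
    for sub in subkeys:
        if flags_of(sub) & wanted:
            return sub
    if purpose == "auth":
        # Fallback: any signing key could authenticate, but the caller
        # cannot tell which signing subkey the holder meant for that use.
        return next((s for s in subkeys if flags_of(s) & KEY_FLAG_SIGN), None)
    return None


# Constructed sample keyring: signing, encryption and authentication subkeys.
SAMPLE_SUBKEYS = [
    Subkey("SIGN-SUBKEY", bytes([KEY_FLAG_SIGN])),
    Subkey("ENC-SUBKEY", bytes([KEY_FLAG_ENCRYPT_COMMS | KEY_FLAG_ENCRYPT_STORAGE])),
    Subkey("AUTH-SUBKEY", bytes([KEY_FLAG_AUTH])),
]
```

Dropping the last entry of `SAMPLE_SUBKEYS` makes the selector fall back to the signing subkey for authentication, which shows why a separate flag is wanted.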