ietf-openpgp

Re: PoP & Signer's User ID subpacket?

2003-06-16 16:23:52

How bad is it to make someone else think that a key is yours, when it
actually is not?  I.e. you have no idea what the private part is.

As Trevor points out, with subkeys especially, that's exactly the
situation.  The only key/person vouching for the ownership of the
subkey(s) is the master key and its owner.  Third-party certification
doesn't cover subkeys, and in fact subkeys can be added even after third
parties sign and certify the master key.

So what can you do with this?  If you claim someone else's encryption
key as your own, it would mean (A) you can't decrypt messages sent to
that key, and (B) someone else could.  (The important point is that it
does not allow the obvious attack of letting you read messages intended
for that person.)

I suppose this could be damaging to the sender in some contrived
scenarios: if the government monitored his outgoing email, they might
find him sending a message encrypted to Osama bin Laden's public key.
He would be the victim of a prank; someone else gave him a key which
had a match to ObL's encryption key on it.  But that's pretty far-fetched.

For signatures, it would mean that (A) you could not sign messages with
that key, and (B) someone else could.

This could mean that a message signed by someone else might appear to be
signed by you.  But that's not so significant, as you could have achieved
the same effect just by copying the plaintext of the message to be signed
and signing it with one of your own keys.  And this also might work to
your detriment, as you could be harmed by some signed statement issued
by someone else, on a key you claimed as your own.

So I don't think that either of these attacks is all that serious,
as long as people understand what they mean and don't draw unwarranted
conclusions.

Hal Finney
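
The subkey situation described in the message above, as an added example that is not part of the original post: a verifier that checks only the master key's binding signature accepts a subkey whose private part the claimant never held, while a verifier that also demands a signature made by the subkey itself rejects it. The textbook-RSA keys built from Mersenne primes, the simplified binding data, and the `pop:` proof-of-possession signature are assumptions made for illustration and are not OpenPGP packet formats.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keygen(p, q):
    """Textbook RSA key pair from two primes (illustration only, not secure)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)

def binding_data(primary_pub, sub_pub):
    # Simplified stand-in for the data a subkey binding signature covers.
    return repr((primary_pub, sub_pub)).encode()

def accept_subkey(primary_pub, sub_pub, binding_sig, pop_sig=None, require_pop=False):
    data = binding_data(primary_pub, sub_pub)
    if not verify(primary_pub, data, binding_sig):
        return False          # the master key does not vouch for this subkey
    if not require_pop:
        return True           # only the master key's word is checked
    # Hypothetical proof of possession: the subkey signs the same binding data.
    return pop_sig is not None and verify(sub_pub, b"pop:" + data, pop_sig)

# Constructed keys: Alice's master key, Alice's subkey, a second master key.
alice_pub, alice_priv = keygen(2**61 - 1, 2**89 - 1)
alice_sub_pub, alice_sub_priv = keygen(2**107 - 1, 2**127 - 1)
other_pub, other_priv = keygen(2**521 - 1, 2**607 - 1)

alice_bind = sign(alice_priv, binding_data(alice_pub, alice_sub_pub))
alice_pop = sign(alice_sub_priv, b"pop:" + binding_data(alice_pub, alice_sub_pub))
# The second key holder binds Alice's public subkey without its private part.
claim_bind = sign(other_priv, binding_data(other_pub, alice_sub_pub))

def demo():
    return {
        "claim_without_pop_check": accept_subkey(other_pub, alice_sub_pub, claim_bind),
        "claim_with_pop_required": accept_subkey(other_pub, alice_sub_pub, claim_bind, None, True),
        "claim_replaying_alice_pop": accept_subkey(other_pub, alice_sub_pub, claim_bind, alice_pop, True),
        "owner_with_pop": accept_subkey(alice_pub, alice_sub_pub, alice_bind, alice_pop, True),
    }
```

Because the proof-of-possession signature covers the master key as well as the subkey, Alice's own signature cannot be reused under the second master key.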