-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Jun 16, 2003 at 09:47:59PM -0700, Trevor Perrin wrote:
> At 11:36 PM 6/16/2003 -0400, David Shaw wrote:
> > On Mon, Jun 16, 2003 at 03:53:11PM -0700, Trevor Perrin wrote:
> > > But here's another angle: suppose Alice gets someone to sign her
> > > legitimate primary signing key. Then she signs Bob's public key as
> > > a subkey of her primary key. So even if you've done a
> > > Proof-of-Possession check on Alice's primary key, she can possibly
> > > evade that by introducing a subkey.
> >
> > At least one of the challenge policies (mine) requires that the
> > challenge response comes from the primary key. The primary is the one
> > that I got a fingerprint for, and the primary is the one I'm signing
> > when I certify the key, so the primary is the one I require the
> > challenge response from.
>
> Right, but after you've done this, and checked that Alice really possesses
> her primary private key, Alice can certify a subkey whose private key she
> doesn't really possess.

Right, but if/when we fix this problem, then all of the certifications
I've made already are still correct (as I ensured it was a primary
that signed the challenge).

> The problem is that there's a forward-linkage from a primary key to a
> subkey, but no back-linkage from a signing subkey to the primary key. Hal
> suggested having the signing subkey also certify the primary key. I
> suggested having the signatures produced by the signing subkey have the
> primary key's ID as a hashed subpacket.

Yes. There are pros and cons, but on balance I like Hal's solution a
bit better as it only needs to be done once, presumably at key
generation time. The subpacket solution needs to be done every time
the signing subkey issues a signature.

The subpacket solution does have a nice side effect in that it becomes
possible to always know the primary key when looking at a subkey
signature. Since most keyservers don't support search-by-subkey yet,
this could be handy. Still, having the subkey sign the primary seems
cleaner.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE+7wnK4mZch0nhy8kRAi9KAJ98oRmHWim4+r27sGD6Mdf9YaTVOwCguBY5
AtOlPtttUTQ60/RjK3NEI6Y=
=ug92
-----END PGP SIGNATURE-----
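
An added example, not part of the original message or of any OpenPGP implementation: a verifier that accepts a subkey on the forward link alone, next to one that also requires the back-link in which the subkey certifies the primary. Toy textbook RSA stands in for OpenPGP signatures, and the keys, the blob layout and the names `make_binding` and `accept` are assumptions made for illustration.

```python
import hashlib
from collections import namedtuple

# Toy textbook RSA (no padding) stands in for OpenPGP signatures.
Key = namedtuple("Key", "n e d")          # d is None for a public-only key

def make_key(a, b):
    # Constructed demo keys from the Mersenne primes 2**a - 1 and 2**b - 1.
    p, q = 2**a - 1, 2**b - 1
    return Key(p * q, 65537, pow(65537, -1, (p - 1) * (q - 1)))

def public(key):
    return key._replace(d=None)

def _digest(key, data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % key.n

def sign(key, data):
    return pow(_digest(key, data), key.d, key.n)

def verify(key, data, sig):
    return pow(sig, key.e, key.n) == _digest(key, data)

def _blob(primary, sub):
    return b"%x/%x" % (primary.n, sub.n)   # hypothetical binding payload

def make_binding(primary, sub):
    # Forward link: the primary certifies the subkey (public part suffices).
    # Back link: the subkey certifies the primary, which needs the subkey secret.
    blob = _blob(primary, sub)
    back = sign(sub, b"back:" + blob) if sub.d is not None else None
    return {"sub": public(sub), "fwd": sign(primary, b"fwd:" + blob), "back": back}

def accept(primary, binding, msg, sig, require_back):
    sub, back = binding["sub"], binding["back"]
    blob = _blob(primary, sub)
    if not verify(primary, b"fwd:" + blob, binding["fwd"]):
        return False
    if require_back and (back is None or not verify(sub, b"back:" + blob, back)):
        return False
    return verify(sub, msg, sig)

alice, bob, alice_sub = make_key(61, 89), make_key(107, 127), make_key(521, 607)
msg = b"constructed sample message"
adopted = make_binding(alice, public(bob))   # Alice holds only Bob's public key
honest = make_binding(alice, alice_sub)      # Alice holds this subkey's secret

if __name__ == "__main__":
    print(accept(public(alice), adopted, msg, sign(bob, msg), require_back=False))
    print(accept(public(alice), adopted, msg, sign(bob, msg), require_back=True))
    print(accept(public(alice), honest, msg, sign(alice_sub, msg), require_back=True))
```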