Sure, this is fine... Theoretically the real key owner should have
access to both private keys at the same time, so this shouldn't be an
issue. Using a subpacket is fine. I still belive this is a MUST ;)
-derek
David Shaw <dshaw(_at_)jabberwocky(_dot_)com> writes:
I think this is exactly where a notary-style double-signature is
useful (and should be required as a MUST).
So, the primary signs the subkey as before and then the subkey
notarizes (0x50 sig) this signature? That sounds good, but we'll end
up with two signature packets after the signing subkey. I'm afraid it
would be likely to confuse pre-2440bis implementations which don't
expect to see that extra signature there.
If we put the subkey-on-primary signature IN the original
primary-on-subkey signature (as a new subpacket), then it won't break
older implementations.
David
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord(_at_)MIT(_dot_)EDU PGP key available