On Fri, Jul 18, 2003 at 09:13:41AM -0700, Len Sassaman wrote:
> On Thu, 17 Jul 2003, David Shaw wrote:
> > > > Simplicity is a good reason, as is the robustness of the OpenPGP system.
> > >
> > > I'm afraid I don't understand your response. Simplicity is a good
> > > reason to add complexity? (??)
> >
> > I think that saying "all v4 primary keys are signature keys" actually
> > simplifies things. You may disagree.
>
> Ah, ok. I didn't parse your response properly.

I'm of mixed feelings on the primary is a signing key issue. There is
definite appeal to having all non-signature items in a key be bound
there by signatures. As things stand now, subkeys are bound, but user
IDs/attributes might not be. There is a nice annoyance attack in the
wait there.
I do wonder what this case would mean in regards to the discussion
though:
1) Generate an RSA sign+encrypt key. Naturally the user ID on that key
should have a self-signature.
2) Now change the key flags so that the primary is encrypt-only.
Is that an "encrypt-only" key?
David