-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello David,
If it's an RSA key, then I guess that it is both,
unless the implementation honors the use flags,
and the OpenPGP's implied use of the public
key algorithm.
All of the public key algorithms support
signing, therefore, until a time when
there is a public key algorithm which
does not, one can say that all OpenPGP
keys can be signing keys.
One can generalize that and say, that
all OpenPGP key are encrypt enabled also,
with the exception of DSA keys.
While you control with what key/subkey
you sign with, you cannot control what
key will be used when encrypted messages
are sent to you.
I personally, will always prefer to
encrypt to a signing key, if at all
the public key algorithm supports
encryption. If there are any subkeys,
I will chose the oldest, or a signing
subkey, just to have some "PHUN", regardless
of whether it is revoked or not.
And there is nothing that you can do
about it! And I would recommend that
every OpenPGP user does the same.
Binding is not sufficient, all it implies is
that the one who had the secret part of the
primary key at the time chose to sign that
subkey.
A key or subkey should be self signed, this is
an indication that whoever purports to have
issued it had the secret part at the time.
A UID has to be signed by the primary key.
In short:-
1) A primary key with no self signature
is meaningless.
2) A UID with no signature from the
primary key is meaningless.
3) A subkey with no self signature and
no binding signature from the primary
key is meaningless also.
Hope the above helps,
Best regards
Imad R. Faiad
On Fri, 18 Jul 2003 13:10:37 -0400, you wrote:
[F651E0D5]*** PGP SIGNATURE VERIFICATION ***
[F651E0D5]*** Hash: SHA1
[F651E0D5]*** Status: Good Signature from Invalid Key
[F651E0D5]*** Alert: Please verify signer's key before trusting signature.
[F651E0D5]*** Signer: David M. Shaw <dshaw(_at_)jabberwocky(_dot_)com>
[F651E0D5]*** Note: Signing Key is a Sub-Key!
[F651E0D5]*** Key ID: 0x49E1CBC9
[F651E0D5]*** Fingerprint: FC2A 0E9B 5122 7D7B 5923 2CE6 E266 5C87 49E1
CBC9 [F651E0D5]*** Signed: 7/18/2003 7:10:37 PM
[F651E0D5]*** Verified: 7/18/2003 9:53:22 PM
[F651E0D5]*** BEGIN PGP VERIFIED MESSAGE ***
On Fri, Jul 18, 2003 at 09:13:41AM -0700, Len Sassaman wrote:
On Thu, 17 Jul 2003, David Shaw wrote:
Simplicity is a good reason, as is the robustness of the OpenPGP
system.
I'm afraid I don't understand your response. Simplicity is a good
reason to add complexity? (??)
I think that saying "all v4 primary keys are signature keys" actually
simplifies things. You may disagree.
Ah, ok. I didn't parse your response properly.
I'm of mixed feelings on the primary is a signing key issue. There is
definite appeal to having all non-signature items in a key be bound
there by signatures. As things stand now, subkeys are bound, but user
IDs/attributes might not be. There is a nice annoyance attack in the
wait there.
I do wonder what this case would mean in regards to the discussion
though:
1) Generate a RSA sign+encrypt key. Naturally the user ID on that key
should have a self-signature.
2) Now change the key flags so that the primary is encrypt-only.
Is that an "encrypt-only" key?
David
[F651E0D5]*** END PGP VERIFIED MESSAGE ***
-----BEGIN PGP SIGNATURE-----
Version: 8.0.2irf
Comment: KeyID: 0x833F1BAD
Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45
iQEVAwUBPxhu+LzDFxiDPxutAQIIagf/UqAZ1t+7gEcAO5jiYn/61KK7oXv4qmsr
5nFikx4aPco1TTcLsmjMEUPC55fxlothpVTvB2ofvng5a/r9CLag930Pcz2hIuOZ
brMJPUHNuE19N4JdPoX/WU2aXFo1JONSM+30b7JS2tT88y09K3otNRF8I5JNQzIr
fr2QucRLNqgs0Sgma4s04Ylq8JyaCySqoluZyS7bY6IyEhzpXPTXV/YXLK8QZdbh
sJjfNtpr5Jgi0RcVK8HP8Mbe9QTflr11ClUC9h/xipFLYDzZpLqfoksfUqC4gB91
+7ntAm7w9WZNvWo/ocL/8T1DKV7KjBhTTKgexq1OfXdMWEt2vhQhDA==
=n4Us
-----END PGP SIGNATURE-----