On 7/20/03 5:34 AM, "David Shaw" <dshaw(_at_)jabberwocky(_dot_)com> wrote:
> I'm not sure 2440 says that. The relevant bit is in section 11.1,
> which says "In a key that has a main key and subkeys, the primary key
> MUST be a key capable of signing."
>
> I took this, perhaps wrongly, at face value - that is, if a key had
> subkeys, the primary had to be able to sign (for the binding
> signatures, presumably). The flip side of this is that if a key does
> not have subkeys (and there is nothing wrong with a V4 key without
> subkeys), the primary did not have to be able to sign.
>
> Did I misinterpret the intent in 2440 there? If "a key that has a
> main key and subkeys" was intended to mean "V4 key", then I strongly
> suggest changing it to say "V4 key" explicitly to avoid the confusion
> that spawned a good bit of this thread.

Uh, I thought that meant that the top-level key can't be an encrypt-only
key. So yes, I was quite sure that 2440 said what you wanted.
Jon