ietf-openpgp

Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)

2003-07-20 14:22:41

On 7/20/03 5:34 AM, "David Shaw" <dshaw(_at_)jabberwocky(_dot_)com> wrote:

> I'm not sure 2440 says that.  The relevant bit is in section 11.1,
> which says "In a key that has a main key and subkeys, the primary key
> MUST be a key capable of signing."
>
> I took this, perhaps wrongly, at face value - that is, if a key had
> subkeys, the primary had to be able to sign (for the binding
> signatures, presumably).  The flip side of this is that if a key does
> not have subkeys (and there is nothing wrong with a V4 key without
> subkeys), the primary did not have to be able to sign.
>
> Did I misinterpret the intent in 2440 there?  If "a key that has a
> main key and subkeys" was intended to mean "V4 key", then I strongly
> suggest changing it to say "V4 key" explicitly to avoid the confusion
> that spawned a good bit of this thread.

Uh, I thought that meant that the top-level key can't be an encrypt-only
key. So yes, I was quite sure that 2440 said what you wanted.

    Jon