[no cc:s please]
On Thursday 30 October 2003 00:17, Trevor Perrin wrote:
[subkey signatures - embedding the primary to avoid misattribution]
The case I was thinking of, where key re-use might occur, is in something
like a smartcard, or a delegated signing server. This might have limited
key storage, or it might not be able to generate new keys (not enough
power, or not enough randomness). If different users share the device,
they each might want to certify the device's subkey as belonging under
their own primary key.
The device would want to make sure each of it's signatures are attributable
to the right primary key. If every signature is a back-signature, this is
accomplished.
The hash of the primary would be over the public key? So the holder of the
secret subkey can make his subkey signature appear to come from whatever
primary he wants, he doesn't need the secret (primary) key.
So, in your scenario, sharing the secret subkey will effectively mean that
each can make signatures that will verify with the other's primary.
Or do I misunderstand someting here?
cheers
-- vbi
--
featured product: vim - http://vim.org
pgpz6O7T29grr.pgp
Description: signature