On Thu, Oct 30, 2003 at 10:37:18AM -0800, Trevor Perrin wrote:
In my scenario, a bunch of different primary key holders trust a
single subkey holder to perform signatures on their behalf. The
subkey holder wants to make sure that each signature is attributed
to the proper primary key.
I'm having trouble seeing the lack of this ability as a problem, much
less a problem that needs a fix.
It's always possible to come up with a (perhaps convoluted) situation
where any feature would be useful, and with all due respect, I think
this scenario crosses the convolution line.
Sharing signature keys is generally not a good idea. Note in the
example that if the trusted subkey holder stops being trusted, he can
issue signatures in the name of any of the users. Plus if any of the
keyholders has a key compromise, all keyholders must re-key.
If and when such a situation develops, I'd support a supplemental RFC
to specify the necessary signature subpacket. Until the proposed
scenario becomes more concrete, anything we can do about it in 2440bis
is apt to be incorrect in some detail. In the meantime, I'm content
to say if a user really wants to share keys, he can use a signature
notation to include whatever additional information he lines. I don't
think this needs to be in 2440bis.
David