[Top] [All Lists]

Re: IDEA in v3-v4 conflict (was Re: OpenPGP at IETF-59 Draft Minutes #1)

2004-03-12 09:21:47

On Thu, 11 Mar 2004 12:58:26 -0800 Derek Atkins <derek(_at_)ihtfp(_dot_)com> 

but what about the difference in subkey production?

What about them?

will PGP generate/allow addition of subkeys that can sign as well

Of course.

it might be necessary if the requirement is for the subkey to
sign the
master, and the master to sign the subkey

The requirement for a back-signature is only for signature keys.
Encrypt-only subkeys don't need it.

the way things are now,
is that PGP 'cannot' recognize a signature from a subkey

(and to compound things, once GnuPG generates a signing subkey,
it will, by default, preferentially use only the new subkey for signatures
with that key.
it will not use the master for signing unless the user specifically adds
an over-ride '!' after the signing key id number,
otherwise, a user entering the key id for signing, and forgetting that
a new signing subkey was added,
will find that the signature is from the subkey, with a different key
id than the one entered)

in any event,
if PGP cannot recognize a signing subkey signature,
then it won't recognize the subkey signing the master either,

this has already been causing a considerable amount 
user confusion for GnuPG -> PGP signed /signed and encrypted messages


Concerned about your privacy? Follow this link to get
FREE encrypted email:

Free, ultra-private instant messaging with Hush Messenger

Promote security and make money with the Hushmail Affiliate Program: