
Signing Subkeys (was Re: IDEA in v3-v4 conflict)

2004-03-12 10:33:17


If this is the case it is a bug in PGP and not necessarily a bug
in the OpenPGP spec.  If it's a bug in PGP then you should contact
PGP Corporation about it.  If the bug is due to inconsistencies in
the spec, then you should suggest text to clear up the ambiguity.
Otherwise, this is the wrong forum to discuss the issue.


<vedaal(_at_)hush(_dot_)com> writes:

On Thu, 11 Mar 2004 12:58:26 -0800 Derek Atkins <derek(_at_)ihtfp(_dot_)com> 

but what about the difference in subkey production?

What about them?

will PGP generate/allow addition of subkeys that can sign as well

Of course.

it might be necessary if the requirement is for the subkey to sign the
master, and the master to sign the subkey

The requirement for a back-signature is only for signature keys.
Encrypt-only subkeys don't need it.

the way things are now,
is that PGP 'cannot' recognize a signature from a subkey

(and to compound things, once GnuPG generates a signing subkey,
it will, by default, preferentially use only the new subkey for signatures
with that key.
it will not use the master for signing unless the user specifically adds
an over-ride '!' after the signing key id number,
otherwise, a user entering the key id for signing, and forgetting that
a new signing subkey was added,
will find that the signature is from the subkey, with a different key
id than the one entered)

in any event,
if PGP cannot recognize a signing subkey signature,
then it won't recognize the subkey signing the master either,

this has already been causing a considerable amount of
user confusion for GnuPG -> PGP signed / signed and encrypted messages



       Derek Atkins                 617-623-3745
       Computer and Internet Security Consultant
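
The back-signature rule stated in this thread (signing subkeys need one, encrypt-only subkeys do not), as an added example that is not part of the original messages: a Python check that reads a v4 subkey binding signature body and reports whether a required back-signature is structurally present. It assumes the numbering later published in RFC 4880 (signature types 0x18 and 0x19, subpackets 27 and 32), takes signing capability from the key flags subpacket only, verifies no cryptography, and uses hypothetical function names with constructed sample bytes.

```python
import struct

SUBKEY_BINDING, PRIMARY_KEY_BINDING = 0x18, 0x19  # signature types (RFC 4880)
KEY_FLAGS, EMBEDDED_SIG = 27, 32                  # subpacket types (RFC 4880)
FLAG_SIGN = 0x02                                  # key flag: may sign data

def subpackets(area):
    """Return [(type, data), ...] for one v4 signature subpacket area."""
    out, i = [], 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255 and i < len(area):      # two-octet length
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255 and i + 4 <= len(area):     # five-octet length
            n, i = struct.unpack(">I", area[i:i + 4])[0], i + 4
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket")
        out.append((area[i] & 0x7F, area[i + 1:i + n]))  # drop critical bit
        i += n
    return out

def backsig_status(body):
    """Classify a v4 subkey binding signature body. Structure only, no crypto."""
    if len(body) < 8 or body[0] != 4 or body[1] != SUBKEY_BINDING:
        raise ValueError("not a v4 subkey binding signature")
    end_h = 6 + struct.unpack(">H", body[4:6])[0]
    if end_h + 2 > len(body):
        raise ValueError("truncated hashed area")
    end_u = end_h + 2 + struct.unpack(">H", body[end_h:end_h + 2])[0]
    if end_u > len(body):
        raise ValueError("truncated unhashed area")
    hashed, unhashed = subpackets(body[6:end_h]), subpackets(body[end_h + 2:end_u])
    # Key flags count only from the hashed (signed) area; the embedded 0x19
    # back-signature may sit in either area.
    can_sign = any(t == KEY_FLAGS and d and d[0] & FLAG_SIGN for t, d in hashed)
    backsig = any(t == EMBEDDED_SIG and d[:2] == bytes([4, PRIMARY_KEY_BINDING])
                  for t, d in hashed + unhashed)
    if not can_sign:
        return "not-required"
    return "present" if backsig else "MISSING"

def sample_binding(flags, with_backsig):
    """Constructed input: v4 0x18 body with dummy hash prefix and no MPIs."""
    hashed = bytes([2, KEY_FLAGS, flags])
    inner = bytes([4, PRIMARY_KEY_BINDING, 17, 2, 0, 0, 0, 0, 0xAB, 0xCD])
    unhashed = bytes([len(inner) + 1, EMBEDDED_SIG]) + inner if with_backsig else b""
    return (bytes([4, SUBKEY_BINDING, 17, 2]) + struct.pack(">H", len(hashed))
            + hashed + struct.pack(">H", len(unhashed)) + unhashed + b"\xab\xcd")
```

A "present" result only means the embedded signature exists; a verifier must still check that it was made by the subkey over the primary key and subkey.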