ietf-openpgp

Re: Interop grill-off

2005-09-20 10:29:23

On Tue, Sep 20, 2005 at 06:04:57PM +0200, Daniel A. Nagy wrote:

On Tue, Sep 20, 2005 at 11:17:05AM -0400, David Shaw wrote:

3. Some keyservers do not return matching keys, if searched by the long
(16 byte) key ID of a subkey. SKS is guilty of this.

Isn't this just an SKS feature request?  Nothing in the draft says
anything about how keyservers work, or even that a UI must allow
particular ways to search.

No, it isn't. This becomes a major interoperability issue, when you use
signature subkeys. It's not quite clear from RFC2440 whether the 8-byte
signatory field should point to the main key or the subkey, but in several
implementations it points to the subkey, which actually made the signature
(and this is the right behavior, IMHO).

I don't know of *any* implementations that set the issuer subpacket to
anything other than the key that made the signature, as specified in
the RFC.  Doing otherwise would be an absurd thing to do - the signing
equivalent of putting the main key ID into a PKESK packet when
encrypting to a subkey.  If you can point to a single implementation
that does this wrong, I'll immediately concede the point.

David
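
The lookup discussed in this thread, as an added example that is not part of the original messages: it reads the 8-byte issuer key ID from a v4 signature packet body and resolves it against a keyring with and without subkey matching. The key IDs, the packet bytes, the `KEYRING` dictionary and the `lookup` helper are constructed for illustration and do not model any keyserver's actual code.

```python
ISSUER = 16  # subpacket type: issuer key ID (8 octets)

def subpackets(area):
    """Yield (type, data) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            hdr, length = 1, first
        elif first < 255:                    # two-octet length
            low = int.from_bytes(area[i + 1:i + 2], "big")
            hdr, length = 2, ((first - 192) << 8) + low + 192
        else:                                # 0xFF, then four-octet length
            hdr, length = 5, int.from_bytes(area[i + 1:i + 5], "big")
        body = area[i + hdr:i + hdr + length]
        if length < 1 or len(body) != length:
            raise ValueError("truncated or empty subpacket")
        yield body[0] & 0x7F, body[1:]       # mask off the critical bit
        i += hdr + length

def issuer_key_id(sig_body):
    """Return the issuer key ID (upper-case hex) of a v4 signature body."""
    if len(sig_body) < 8 or sig_body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    off = 6 + int.from_bytes(sig_body[4:6], "big")       # end of hashed area
    unhashed_len = int.from_bytes(sig_body[off:off + 2], "big")
    for area in (sig_body[6:off], sig_body[off + 2:off + 2 + unhashed_len]):
        for typ, data in subpackets(area):
            if typ == ISSUER and len(data) == 8:
                return data.hex().upper()
    raise ValueError("no issuer subpacket")

def lookup(keyring, key_id, search_subkeys):
    """Return the primary key ID that owns key_id, or None if not found."""
    for primary, subkeys in keyring.items():
        if key_id == primary or (search_subkeys and key_id in subkeys):
            return primary
    return None

# Constructed sample data: one primary key with one signing subkey.
PRIMARY_ID, SUBKEY_ID = "AABBCCDDEEFF0011", "1122334455667788"
KEYRING = {PRIMARY_ID: [SUBKEY_ID]}
SIG_BODY = (
    bytes([4, 0x00, 17, 2])                          # v4, binary sig, DSA, SHA-1
    + b"\x00\x06" + b"\x05\x02\x43\x30\x2e\x53"      # hashed: creation time
    + b"\x00\x0a" + b"\x09\x10" + bytes.fromhex(SUBKEY_ID)  # unhashed: issuer
    + b"\x00\x00"                                    # hash prefix; MPIs omitted
)
```

With `search_subkeys=False` the verifier holding only this signature cannot locate the key, which is the failure case raised in item 3.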
