On Tue, Oct 11, 2005 at 03:25:00PM -0700, "Hal Finney" wrote:
One possible problem is if there is any substantial set of signing subkeys
in use that don't have the 0x19 signature. Signatures issued by those
keys might become invalid. I don't think we have any from pgp.com,
we did not previously support signing subkeys.
I have encountered only one signature subkey so far, but I do intend to use
signature subkeys in the future myself. I agree that signature theft is a
very serious issue, and mandating 0x19 signatures is necessary to prevent
it.
Signature subkeys currently in use are not that much of a problem, because
the owners can always create the missing 0x19 signature. If they don't, it's
in everybody's interest (including their own) that the signatures become
invalid.
I actually wanted to do a survey of public keys for algorithms, key sizes,
subkeys, etc. for a long time. What I really want to know is what algorithms
and key sizes are used for certification, encryption and document signature,
and what proportion of users use subkeys.
If there's additional interest for such a survey, please let me know: it
will provide me with the additional motivation I need to actually carry it
out. Most of the software has already been written, but it's a horrible
processor hog of a task, estimated to keep a server busy for several hours.
As a side benefit, I could email all known signature subkey owners about
signing their subkey both ways. But that can only happen when major
implementations (PGP and GPG) can actually do it.
Also, there's a significant number of keys corrupted by keyservers that
can't handle multiple subkeys correctly. While natural in some way, it still
amazes me how much worse the quality of keyservers are compared to other
OpenPGP software.
--
Daniel