ietf-openpgp

Re: Signature calculation language

2005-10-11 20:07:16

On Tue, Oct 11, 2005 at 03:25:00PM -0700, "Hal Finney" wrote:

> So it does seem like it must be a MUST in order to be an effective
> deterrent.
>
> One possible problem is if there is any substantial set of signing subkeys
> in use that don't have the 0x19 signature.  Signatures issued by those
> keys might become invalid.  I don't think we have any from pgp.com,
> we did not previously support signing subkeys.

GPG supports signing subkeys, and there are a number of them in use.
(A number, it should be said though, that is utterly dwarfed by the
number of people using their primary key as their signing key.)

I am concerned about the users of signing subkeys, so I have a
transition planned for GPG.  GPG has offered 0x19 backsigs as a
build-time option for a while now.  As of the next release (1.4.3),
backsigs are on by default so all new signing subkeys have them.  At
some point in the future (after more subkeys get backsigs), GPG will
start complaining if it does not see a backsig.  At some point even
further, GPG will start treating signatures issued by a signing subkey
without a backsig as invalid, but there will be a way to tell GPG to
ignore the missing backsigs for backwards compatibility.

I think such a transition in GPG and other programs that support
signing subkeys is a reasonable solution for the existing signing
subkeys out there, and it shouldn't impact doing the right thing in
the standard for future use.

I support making 0x19 backsigs a MUST.

David
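
The staged handling described in the message above (complain first, later treat as invalid unless overridden), as an added sketch that is not part of the original post and is not GnuPG's code. It assumes the RFC 4880 v4 signature layout, where the 0x19 backsig travels as an Embedded Signature subpacket (type 32) inside the 0x18 subkey binding signature, and it checks presence only, with no cryptographic verification; function names, stage names and sample bytes are constructed for illustration.

```python
import struct

SUBKEY_BINDING, PRIMARY_BINDING = 0x18, 0x19       # signature types
KEY_FLAGS, EMBEDDED_SIG, FLAG_SIGN = 27, 32, 0x02  # subpacket types; "may sign data" flag

def subpackets(area):  # split a v4 subpacket area into (type, data) pairs
    out, i = [], 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255:                          # two-octet length
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255:                              # five-octet length
            n, i = struct.unpack(">I", area[i:i + 4])[0], i + 4
        if n < 1 or i + n > len(area):
            raise ValueError("malformed subpacket")
        out.append((area[i] & 0x7F, area[i + 1:i + n]))  # mask the critical bit
        i += n
    return out

def parse_v4_sig(body):  # -> (sig_type, hashed subpackets, unhashed subpackets)
    try:
        h_end = 6 + struct.unpack(">H", body[4:6])[0]
        u_end = h_end + 2 + struct.unpack(">H", body[h_end:h_end + 2])[0]
        if body[0] != 4 or u_end > len(body):
            raise ValueError("not a well-formed v4 signature")
        return body[1], subpackets(body[6:h_end]), subpackets(body[h_end + 2:u_end])
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed signature") from exc

def is_backsig(data):
    try:
        return parse_v4_sig(data)[0] == PRIMARY_BINDING
    except ValueError:
        return False                                # unparsable embedded sig is no backsig

def check_binding(body, stage="warn", allow_missing=False):  # stage: "warn" or "reject"
    sig_type, hashed, unhashed = parse_v4_sig(body)
    if sig_type != SUBKEY_BINDING:
        raise ValueError("not a subkey binding signature")
    # Key flags count only from the hashed area; the backsig may sit in either area.
    signing = any(t == KEY_FLAGS and d and d[0] & FLAG_SIGN for t, d in hashed)
    backsig = any(t == EMBEDDED_SIG and is_backsig(d) for t, d in hashed + unhashed)
    if backsig or not signing:
        return "ok"
    # Assumption of this sketch: the compatibility override downgrades to a warning.
    return "invalid" if stage == "reject" and not allow_missing else "warn"

# Constructed samples: algorithm ids, hash prefix and MPI are dummy bytes.
BACKSIG = bytes.fromhex("04190102 0000 0000 0000 000101")
NO_BACKSIG = bytes.fromhex("04180102 0003 021b02 0000 0000 000101")
WITH_BACKSIG = bytes.fromhex("04180102 0003 021b02 000f 0e20") + BACKSIG + bytes.fromhex("0000 000101")
```

A real verifier must also check the embedded 0x19 signature against the subkey and the 0x18 signature against the primary key; presence alone proves nothing about who made the backsig.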