ietf-openpgp

Re: Series of minor questions about OpenPGP 6

2009-02-01 22:34:44

On Feb 1, 2009, at 9:44 PM, Christoph Anton Mitterer wrote:

4) exportable certification (4)
Does this have a meaning on subkey binding signatures (0x18)? E.g.
something like don't import the signature itself and neither the
subkey?
I have applications for this, myself. Yes.
Uhm @David (if you read this), does gnupg support creating non
exportable subkey binding signatures? And if so I assume that it doesn't
export the subkey either?!

No, it does not support this. I like Jon's idea though. It's a clever way to special-case a particular subkey.

It makes sense to me to have two preferred keyservers. I don't have an
opinion about policy URIs, but I wouldn't discount it automatically
out of hand.
Doesn't the RFC say that only the last subpacket of a given type of the
same signature must be used? Or was this just a "should"?

No. This is only in case of conflict. The RFC has a lot of language (in section 5.2.4.1) about how people should not automatically take the last subpacket without thinking. Having multiples of certain subpackets is correct and reasonable, and does not imply conflict. For example you can certainly have multiple keyservers: there are multiple places to store a key.

David
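
The distinction drawn in the reply above, as an added example that is not part of the thread and is not GnuPG code: a parser for a signature subpacket area (RFC 4880 section 5.2.3.1 length encoding) that keeps every preferred key server subpacket and flags a conflict only for the single-valued exportable certification subpacket. The function names, the sample URIs and the choice to raise on conflict are assumptions of this example.

```python
# Added example (not from the thread): RFC 4880 section 5.2.3.1 subpacket parsing.
from collections import defaultdict

EXPORTABLE_CERTIFICATION = 4   # body: 1 octet, 0 = local-only, 1 = exportable
PREFERRED_KEY_SERVER = 24      # body: URI string


def parse_subpackets(area: bytes) -> dict:
    """Return {type: [body, ...]}, keeping every occurrence in order."""
    found, i = defaultdict(list), 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("subpacket length out of bounds")
        found[area[i] & 0x7F].append(area[i + 1:i + length])  # bit 7 = critical
        i += length
    return dict(found)


def key_servers(subpackets: dict) -> list:
    """Multi-valued: repeated key server subpackets are all kept."""
    return [b.decode("utf-8") for b in subpackets.get(PREFERRED_KEY_SERVER, [])]


def is_exportable(subpackets: dict) -> bool:
    """Single-valued: absent means exportable; disagreeing repeats conflict."""
    values = set(subpackets.get(EXPORTABLE_CERTIFICATION, []))
    if len(values) > 1:  # this example's policy choice: refuse rather than guess
        raise ValueError("conflicting exportable certification subpackets")
    return values != {b"\x00"}


def build_subpacket(sub_type: int, body: bytes) -> bytes:
    """Build one subpacket for the constructed sample (body under 191 octets)."""
    return bytes([len(body) + 1, sub_type]) + body


# Constructed sample: two key servers plus a non-exportable flag.
SAMPLE = (build_subpacket(24, b"hkp://keys.example.org")
          + build_subpacket(24, b"hkp://keys.example.net")
          + build_subpacket(4, b"\x00"))
```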