On Feb 1, 2009, at 9:44 PM, Christoph Anton Mitterer wrote:
4) exportable certification (4)
Does this have a meaning on subkey binding signatures (0x18)? E.g.
something like don't import the signature itself and neither the
subkey?
I have applications for this, myself. Yes.
Uhm @David (if you read this), does gnupg support creating non
exportable subkey binding signatures? And if so I assume that it
doesn't
export the subkey either?!
No, it does not support this. I like Jon's idea though. It's a
clever way to special-case a particular subkey.
It makes sense to me to have two preferred keyservers. I don't have
an
opinion about policy URIs, but I wouldn't discount it automatically
out of hand.
Doesn't the RFC say that only the last subpacket of a give type of the
same signature must be used? Or was this just a "should"?
No. This is only in case of conflict. The RFC has a lot of language
(in section 5.2.4.1) about how people should not automatically take
the last subpacket without thinking. Having multiples of certain
subpackets is correct and reasonable, and does not imply conflict.
For example you can certainly have multiple keyservers: there are
multiple places to store a key.
David