On Mar 5, 2013, at 7:19 AM, David Shaw <dshaw(_at_)jabberwocky(_dot_)com> wrote:
I'd do this with a notation (option B, which can be marked as critical if you
desire). The Usage flags are helpful but I don't think they have the ability
to carry enough information to really state what you are trying to say.
Usage is more "this key can may be used for authentication", and it sounds
like what you're looking for is "this key may be used for authentication, but
only in the context of OTR".
Usage flags are there for broad declarations. For example, so that you use an
RSA key for encryption but not signing, or a signing key for
authentication-based signing, but not documents.
If you're really going to put protocol-specific notes in, then notations are
the way to go.
I can't speak for all OpenPGP implementations, but GPG will correctly reject
a subkey binding signature if it has a critical notation that GPG doesn't
know about. I'm not sure if that helps or hurts your plan, though, as
without adding code to GPG to understand your notation, you won't easily be
able to show a connection from your OpenPGP key to the OTR subkey.
There's a problem with criticality as a concept in general, and that is that if
you really do private development, it can cause things to explode in ways that
are not useful.
In this case, we have an authentication-only subkey that's intended to be used
for OTR. If you mark it as authentication-only, it's not going to be used for
document signing, which is really what you want. It's possible that some other
authentication protocol could grab it, but is that really a problem?
This brings us to the problem with criticality. It's supposed to keep some item
from being used in an unknown way. But it can also fail in unexpected ways.
I've seen criticality flags cause all sorts of weird issues in other systems,
and the usual fix is not to make it critical.
Jon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp