On Tue, 12 Aug 2014 20:56, derek(_at_)ihtfp(_dot_)com said:
> Note that this use-case is not for email. Indeed, these keys are not
> even user keys; they are "device keys". In my use case I'd like to use
> RFC4880-style signatures for certifying those device keys.
> Hopefully there is some support for this loosening?
You mean a feature to create v3 keys? RFC4880 is quite specific about
creating v3 keys:
   OpenPGP implementations MUST create keys with version 4 format. V3
   keys are deprecated; an implementation MUST NOT generate a V3 key,
   but MAY accept it.

Regarding signatures, v3 signatures SHOULD not be used and thus it is
possible to implement them.
In 11.1 a transferable key is defined as

   - One Public-Key packet
   - Zero or more revocation signatures
   - One or more User ID packets
   [...]

In 12.1 (Key structures) a v3 key is defined as

   RSA Public Key
   [Revocation Self Signature]
   User ID [Signature ...]
   [User ID [Signature ...] ...]

and a v4 key as

   Primary-Key
   [Revocation Self Signature]
   [Direct Key Signature...]
   User ID [Signature ...]
   [User ID [Signature ...] ...]
Thus a strict interpretation requires a user id packet. A direct key
signature is only possible with a v4 key.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
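As an added example (not part of Werner's message, nor GnuPG or RFC 4880 text), the following Python checker parses an OpenPGP packet sequence and reports the layout points discussed in the thread: a v3 primary key, a v3 signature, a direct key signature on a key that is not v4, and a transferable key with no User ID packet. The packet tags, length encodings and signature-packet offsets are those of RFC 4880; the sample keys are constructed byte strings with placeholder MPIs, not real key material.

```python
"""Check an OpenPGP transferable public key against the packet layouts
of RFC 4880 sections 11.1 and 12.1 (v3 vs v4 keys, User ID requirement,
direct key signatures). Example code; the sample keys are constructed."""
import struct

# Packet tags (RFC 4880 section 4.3) and signature types (section 5.2.1)
TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID = 2, 6, 13
SIG_DIRECT_KEY, SIG_KEY_REVOCATION = 0x1F, 0x20


def parse_packets(data):
    """Split a byte string into (tag, body) pairs. Old-format headers with
    length types 0-2 and new-format one/two/five-octet lengths are handled;
    indeterminate and partial body lengths are rejected, since they do not
    occur in transferable keys."""
    packets, i = [], 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("bit 7 of the packet tag octet must be set")
        if ctb & 0x40:                       # new-format header
            tag, first = ctb & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = struct.unpack(">I", data[i + 2:i + 6])[0], i + 6
            else:
                raise ValueError("partial body length in a key")
        else:                                # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length in a key")
            size = 1 << ltype                # 1, 2 or 4 length octets
            length = int.from_bytes(data[i + 1:i + 1 + size], "big")
            i += 1 + size
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet body")
        packets.append((tag, body))
        i += length
    return packets


def check_transferable_key(data):
    """Return a list of findings; an empty list means the layout matches
    the v4 structure of section 12.1."""
    findings = []
    packets = parse_packets(data)
    if not packets or packets[0][0] != TAG_PUBLIC_KEY:
        return ["first packet is not a Public-Key packet"]
    key_version = packets[0][1][0]           # first octet of the key body
    if key_version == 3:
        findings.append("v3 primary key (deprecated; MUST NOT be generated)")
    elif key_version != 4:
        findings.append("unknown key version %d" % key_version)
    user_ids, seen_user_id = 0, False
    for tag, body in packets[1:]:
        if tag == TAG_USER_ID:
            user_ids += 1
            seen_user_id = True
        elif tag == TAG_SIGNATURE:
            sig_version = body[0]
            # v4 signatures carry the type in octet 1, v3 signatures in octet 2
            sig_type = body[1] if sig_version == 4 else body[2]
            if sig_version == 3:
                findings.append("v3 signature (SHOULD NOT be generated)")
            if not seen_user_id:
                # Before the first User ID only revocation (and, for v4
                # keys, direct key) signatures are part of the structure.
                if sig_type == SIG_DIRECT_KEY and key_version != 4:
                    findings.append("direct key signature on a non-v4 key")
                elif sig_type not in (SIG_DIRECT_KEY, SIG_KEY_REVOCATION):
                    findings.append("signature type 0x%02X before the first User ID" % sig_type)
    if user_ids == 0:
        findings.append("no User ID packet (section 11.1 requires one or more)")
    return findings


def old_packet(tag, body):
    """Encode a packet with an old-format header (one- or two-octet length)."""
    if len(body) < 256:
        return bytes([0x80 | (tag << 2)]) + bytes([len(body)]) + body
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


# Constructed (not real) key material: a 2-bit MPI stands in for RSA n and e.
MPI = b"\x00\x02\x03"
PUBKEY_V4 = b"\x04" + b"\x53\xe9\x00\x00" + b"\x01" + MPI + MPI
PUBKEY_V3 = b"\x03" + b"\x53\xe9\x00\x00" + b"\x00\x00" + b"\x01" + MPI + MPI
DIRECT_SIG_V4 = b"\x04\x1f\x01\x08" + b"\x00\x00" + b"\x00\x00" + b"\xab\xcd" + MPI
CERT_SIG_V4 = b"\x04\x13\x01\x08" + b"\x00\x00" + b"\x00\x00" + b"\xab\xcd" + MPI
CERT_SIG_V3 = b"\x03\x05\x13" + b"\x53\xe9\x00\x00" + b"\x00" * 8 + b"\x01\x08" + b"\xab\xcd" + MPI

# A v4 "device key" with a direct key signature and one User ID: acceptable.
DEVICE_KEY_WITH_UID = (old_packet(TAG_PUBLIC_KEY, PUBKEY_V4) + old_packet(TAG_SIGNATURE, DIRECT_SIG_V4)
                       + old_packet(TAG_USER_ID, b"device-0001") + old_packet(TAG_SIGNATURE, CERT_SIG_V4))
# The same key without any User ID packet: not a transferable key per 11.1.
DEVICE_KEY_NO_UID = old_packet(TAG_PUBLIC_KEY, PUBKEY_V4) + old_packet(TAG_SIGNATURE, DIRECT_SIG_V4)
# A v3 key carrying a direct key signature and a v3 certification.
V3_KEY_DIRECT_SIG = (old_packet(TAG_PUBLIC_KEY, PUBKEY_V3) + old_packet(TAG_SIGNATURE, DIRECT_SIG_V4)
                     + old_packet(TAG_USER_ID, b"device-0002") + old_packet(TAG_SIGNATURE, CERT_SIG_V3))

if __name__ == "__main__":
    for name, blob in [("v4 with uid", DEVICE_KEY_WITH_UID), ("v4 no uid", DEVICE_KEY_NO_UID),
                       ("v3 direct sig", V3_KEY_DIRECT_SIG)]:
        print(name, check_transferable_key(blob) or ["ok"])
```

Run it on the exported packets of a real key (for instance the output of `gpg --export`) to see the same checks applied; the parser only reads packet headers and the first octets of key and signature bodies, so it never needs to validate the signatures themselves.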