Hi,

On Wed, August 13, 2014 4:27 am, Werner Koch wrote:
> On Tue, 12 Aug 2014 20:56, derek(_at_)ihtfp(_dot_)com said:
>
>> Note that this use-case is not for email. Indeed, these keys are not
>> even user keys; they are "device keys". In my use case I'd like to use
>> RFC4880-style signatures for certifying those device keys.
>>
>> Hopefully there is some support for this loosening?
>
> You mean a feature to create v3 keys?

No. Not at all.

[snip]
> in 12.1 (Key structures) [snip] a v4 key as
>
>     Primary-Key
>        [Revocation Self Signature]
>        [Direct Key Signature...]
>         User ID [Signature ...]
>        [User ID [Signature ...] ...]
>
> Thus a strict interpretation requires a user id packet. A direct key
> signature is only possible with a v4 key.

Exactly. My proposal would be a new I-D that would loosen this
restriction and define a new-style v4+ key as:

    Primary-Key
       [Revocation Self Signature]
       [Direct Key Signature...]
       [User ID [Signature ...] ...]
    .... (rest elided)

I'll note that 12.1 goes on to say:

    In a V4 key, the primary key MUST be a key capable of certification.
    The subkeys may be keys of any other type. There may be other

and in my proposed I-D I would remove this restriction as well. Assuming
there is desire for this functionality. Like I said, *I* have a use case
for this, and if I do I can assume others do too.

Am I more clear on what I intend? Any comments on this?

> Shalom-Salam,
>
>    Werner
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
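
The difference between the strict section 12.1 layout and the loosened layout discussed above, as an added example that is not part of the original message or of any OpenPGP implementation: a tag-order check over raw packet headers. The names `packet_tags`, `check_key` and `pkt` and both sample keys are constructed for illustration; the User Attribute and subkey handling follows RFC 4880 section 12.1 beyond the part quoted in the message, and only packet order is checked, not signature types or validity.

```python
SIG, PUBKEY, USERID, SUBKEY, UATTR = 2, 6, 13, 14, 17   # RFC 4880 packet tags

def packet_tags(data):
    """Walk packet headers (RFC 4880 section 4.2) and return the tag sequence."""
    tags, i = [], 0
    while i < len(data):
        hdr, rest = data[i], data[i + 1:i + 6].ljust(5, b"\0")
        if not hdr & 0x80:
            raise ValueError(f"bad packet header at offset {i}")
        if hdr & 0x40 and rest[0] < 192:          # new format, one-octet length
            tag, length, used = hdr & 0x3F, rest[0], 2
        elif hdr & 0x40 and rest[0] < 224:        # new format, two-octet length
            tag, length, used = hdr & 0x3F, ((rest[0] - 192) << 8) + rest[1] + 192, 3
        elif hdr & 0x40 and rest[0] == 255:       # new format, five-octet length
            tag, length, used = hdr & 0x3F, int.from_bytes(rest[1:5], "big"), 6
        elif hdr & 0x40 or (hdr & 3) == 3:
            raise ValueError("partial/indeterminate lengths not handled")
        else:                                     # old format: 1, 2 or 4 octets
            n = 1 << (hdr & 3)
            tag, length, used = (hdr >> 2) & 0x0F, int.from_bytes(rest[:n], "big"), 1 + n
        if i + used + length > len(data):         # also catches short headers
            raise ValueError("truncated packet")
        tags.append(tag)
        i += used + length
    return tags

def check_key(tags, require_user_id=True):
    """Check tag order against 12.1; require_user_id=False is the loosened layout."""
    def sigs(i):                                  # skip a run of signatures
        while i < len(tags) and tags[i] == SIG:
            i += 1
        return i
    if not tags or tags[0] != PUBKEY:
        return False
    i, user_ids = sigs(1), 0                      # revocation / direct-key sigs
    while i < len(tags) and tags[i] in (USERID, UATTR):
        user_ids += tags[i] == USERID
        i = sigs(i + 1)
    while i < len(tags) and tags[i] == SUBKEY:    # subkey needs a binding sig
        if sigs(i + 1) == i + 1:
            return False
        i = sigs(i + 1)
    return i == len(tags) and (user_ids > 0 or not require_user_id)

def pkt(tag, body):                               # old format, one-octet length
    return bytes([0x80 | tag << 2, len(body)]) + body
# Constructed samples: placeholder bodies, not real key material.
DEVICE_KEY = pkt(PUBKEY, b"\x04" * 6) + pkt(SIG, b"\x04\x1f")
USER_KEY = pkt(PUBKEY, b"\x04" * 6) + pkt(USERID, b"constructed") + pkt(SIG, b"\x04\x13")
```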