[Top] [All Lists]

Re: [openpgp] ECDH and ELG-E primary keys

2014-08-13 07:45:48

On Wed, August 13, 2014 4:27 am, Werner Koch wrote:
On Tue, 12 Aug 2014 20:56, derek(_at_)ihtfp(_dot_)com said:

Note that this use-case is not for email.  Indeed, these keys are not
even user keys; they are "device keys".  In my use case I'd like to use
RFC4880-style signatures for certifying those device keys.

Hopefully there is some support for this loosening?

You mean a feature to create v3 keys?

No.  Not at all.

in 12.1 (Key structures) [snip] a v4 key as

              [Revocation Self Signature]
              [Direct Key Signature...]
               User ID [Signature ...]
              [User ID [Signature ...] ...]

Thus a strict interpretation requires a user id packet.  A direct key
signature is only possible with a v4 key.

Exactly.  My proposal would be a new I-D that would loosen this
restriction and define a new-style v4+ key as:

              [Revocation Self Signature]
              [Direct Key Signature...]
              [User ID [Signature ...] ...]
              .... (rest elided)

I'll note that 12.1 goes on to say:

   In a V4 key, the primary key MUST be a key capable of certification.
   The subkeys may be keys of any other type.  There may be other

and in my proposed I-D I would remove this restriction as well.  Assuming
there is desire for this functionality.  Like I said, *I* have a use case
for this, and if I do I can assume others do too.

Am I more clear on what I intend?  Any comments on this?




       Derek Atkins                 617-623-3745
       Computer and Internet Security Consultant

openpgp mailing list