ietf-openpgp

Re: [openpgp] Updated Draft (was Re: OpenPGP extension to allow for Primary Encrypt-only Keys)

2014-09-15 03:56:02
Hi,

On 09/12/2014 03:17 PM, Derek Atkins wrote:
>> I got confused by this:
>>
>> "A primary key capable of making signatures SHOULD be accompanied by
>>    either a certification signature (on a User ID or User Attribute) or
>>    a signature directly on the key.
>> ...
>> It MAY accept public keys without an
>>    accompanying signature."
>>
>> Basically, it says that signature-capable primary keys without
>> certification are not really proper, but a sufficiently liberal
>> implementation may still accept them.
>
> Correct.  Do I need to reword that or add something to make that more clear?

Not necessarily. Perhaps reordering the sentences (and changing
referring pronouns accordingly) so that these two statements would be
right after one another would make it easier to understand.

>> Now, the only thing a self-certification directly on the key proves is
>> that the public key is not bogus; it does, indeed, have a private
>> counterpart, right?
>
> That and a self-assertion of any particular notations in the signature.

Right. Thanks!

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
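
The SHOULD/MAY rule quoted in this thread, as an added example that is not part of the original message or of the draft: a structural check over an RFC 4880 packet sequence that reports whether a signing-capable primary key comes with a certification or a direct-key signature. The names read_packets and check_primary are hypothetical, deciding "capable of making signatures" from the public-key algorithm ID is an assumption, and no signature is verified cryptographically.

```python
CERT_TYPES = {0x10, 0x11, 0x12, 0x13}  # certifications on a User ID / User Attribute
DIRECT_KEY = 0x1F                      # signature directly on a key
SIGN_ALGOS = {1, 3, 17}                # assumption: RSA, RSA sign-only, DSA
def read_packets(data):
    """Yield (tag, body) for each packet; handles old and new header formats."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if hdr & 0x40:                               # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:                          # one-octet length
                length, i = first, i + 2
            elif first < 224:                        # two-octet length
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            else:
                raise ValueError("five-octet and partial lengths not handled")
        else:                                        # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def check_primary(data):
    """Return 'ok', 'unsigned' (the MAY-accept case) or 'not-sign-capable'."""
    packets = list(read_packets(data))
    tag, key = packets[0]
    if tag != 6 or key[0] != 4:
        raise ValueError("expected a v4 public-key packet first")
    if key[5] not in SIGN_ALGOS:                     # octet 5 is the algorithm ID
        return "not-sign-capable"
    wanted = {DIRECT_KEY}             # before any User ID only a direct-key sig counts
    for tag, body in packets[1:]:
        if tag == 14:                 # first subkey ends the primary-key section
            break
        if tag in (13, 17):           # User ID / User Attribute seen
            wanted = CERT_TYPES
        elif tag == 2 and len(body) > 1 and body[0] == 4 and body[1] in wanted:
            return "ok"
    return "unsigned"

KEY = bytes([0x98, 8, 4, 0, 0, 0, 0, 1, 0, 0])  # constructed: RSA key, dummy material
UID = bytes([0xCD, 5]) + b"alice"                # constructed User ID packet
SIG = bytes([0xC2, 2, 4, 0x13])                  # constructed v4 sig header, type 0x13
```

A caller that wants the liberal behaviour treats "unsigned" as a warning; a strict one rejects it.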