ietf-openpgp

Re: [openpgp] details of 4880bis work

2015-04-16 07:58:28
On Thu, 2015-04-16 at 12:13 +0200, Werner Koch wrote: 
> On Thu, 16 Apr 2015 10:32, look@my.amazin.horse said:
>
>> Can someone explain why key usage and preference flags for the primary
>> were made part of user id signatures instead of a direct key signature
>
> Note that you may put them into a direct key signature.
>
> Assume you use the same key for home and work.  You have two user ids
> but at home you use an implementation and preferences you like while at
> work you have to comply with company policies and thus different
> preferences.

This has however some problems, which I've mentioned already in my
initial wishlist.

- Nothing of this is really specified. One *may* interpret the standard
that it is as you say above.
- There is nothing specified that would resolve ambiguities (what if
there's both, direct-key signature and user id sig, setting the same
subpackets but with different properties)?


> Right, that is a bit artificial and for example gpg uses a direct key
> signature or the latest user id to get the key flags and preferences.

From the standards PoV, the same problem as above... nothing really
specified what it means if e.g. flags are on a user sig or on a direct
key sig.
IMHO flags should anyway be immutable.



> Remember that you anyway need to implement a policy on how to work with
> multiple self-signatures on the same user id, or with multiple direct key
> signatures.

The standard didn't even specify that newer sigs would replace older
ones, right?

IMO all quite fuzzy and vague... :(

Cheers,
Chris.
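
An added example, not part of the original message and not code from gpg or any other implementation: a small resolver for the ambiguity discussed above, using one possible policy modeled loosely on the gpg behaviour Werner describes (direct-key signature first, otherwise the latest user ID self-signature) and reporting the user IDs whose flags disagree with the result. The `SelfSig` record, the policy, the "newest wins" rule and the sample key are assumptions; the signature types (0x1F, 0x10 to 0x13) and the Key Flags subpacket come from RFC 4880.

```python
from dataclasses import dataclass
from typing import Optional

DIRECT_KEY = 0x1F                      # RFC 4880: signature directly on a key
UID_CERTS = {0x10, 0x11, 0x12, 0x13}   # RFC 4880: User ID certifications

@dataclass(frozen=True)
class SelfSig:
    """An already-verified self-signature, reduced to the relevant fields."""
    sig_type: int
    created: int                   # signature creation time, Unix seconds
    key_flags: Optional[int]       # Key Flags subpacket octet, None if absent
    user_id: Optional[str] = None  # set only for User ID certifications

def resolve_key_flags(sigs):
    """Return (flags, source, conflicting_user_ids) under an ASSUMED policy:
    newest direct-key signature with flags wins, else the newest User ID
    self-signature with flags. RFC 4880 mandates neither rule."""
    flagged = [s for s in sigs if s.key_flags is not None]
    direct = max((s for s in flagged if s.sig_type == DIRECT_KEY),
                 key=lambda s: s.created, default=None)
    per_uid = {}                   # newest flagged self-signature per user ID
    for s in flagged:
        if s.sig_type in UID_CERTS:
            cur = per_uid.get(s.user_id)
            if cur is None or s.created > cur.created:
                per_uid[s.user_id] = s
    chosen = direct
    if chosen is None:
        chosen = max(per_uid.values(), key=lambda s: s.created, default=None)
    if chosen is None:
        return None, None, []
    # User IDs whose own newest flags differ from the result are ambiguous.
    conflicts = sorted(u for u, s in per_uid.items()
                       if s.key_flags != chosen.key_flags)
    source = "direct-key" if chosen.sig_type == DIRECT_KEY else "user-id:" + chosen.user_id
    return chosen.key_flags, source, conflicts

# Constructed sample: one primary key, home and work user IDs that disagree.
SAMPLE = [
    SelfSig(0x13, 1400000000, 0x03, "Alice <alice@home.example>"),  # certify+sign
    SelfSig(0x13, 1390000000, 0x0F, "Alice <alice@work.example>"),  # older
    SelfSig(0x13, 1410000000, 0x01, "Alice <alice@work.example>"),  # certify only
    SelfSig(DIRECT_KEY, 1405000000, 0x03),
]

if __name__ == "__main__":
    print(resolve_key_flags(SAMPLE))       # direct-key signature present
    print(resolve_key_flags(SAMPLE[:3]))   # user ID self-signatures only
```

A non-empty conflict list marks a key on which two implementations with different policies can arrive at different effective flags.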
