On 31 May 2019 at 09:42, Vincent Breitmoser wrote:
> Strictly speaking there doesn't have to be a signature on that User ID, but in
> practice OpenPGP implementations commonly consider TPKs that carry no UserID
> (or no signed UserID) as invalid.

I'll change that in DKGPG soon; however, to avoid trouble, IMHO some kind
of self-signature is still required (e.g. type 0x1f).

I would really like to see these considerations addressed in the spec somehow.
Thus I suggest changing (in section 11.1 of draft RFC 4880bis)

    Zero or more revocation signatures

to

    Zero or more revocation or direct key signatures

to cover such use cases without user IDs or user attributes. Perhaps
already RFC 4880 had those scenarios in mind (cf. section 12.1):

    Primary-Key
       [Revocation Self Signature]
       [Direct Key Signature...]
       [User ID [Signature ...] ...]
       [User Attribute [Signature ...] ...]
       [[Subkey [Binding-Signature-Revocation]
               Primary-Key-Binding-Signature] ...]

--
Heiko
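
Added example, not part of the message above and not DKGPG code: a structural check of a packet sequence against RFC 4880 section 11.1 as published (strict) and against the wording suggested above (relaxed). Accepting a key without User ID when a direct key signature is present is this example's reading of the message; no signature is verified cryptographically, and the sample sequences are constructed.

```python
# Added example: structural check only; no signature is cryptographically verified.
# Packet tags and signature types are from RFC 4880 sections 4.3 and 5.2.1.
PUBKEY, SIG, USERID, SUBKEY, USERATTR = 6, 2, 13, 14, 17
KEY_REVOCATION, DIRECT_KEY, SUBKEY_BINDING = 0x20, 0x1F, 0x18
CERT_SIGS = {0x10, 0x11, 0x12, 0x13, 0x30}    # certifications and their revocation
SUBKEY_SIGS = {SUBKEY_BINDING, 0x28}          # binding and subkey revocation

def take_sigs(packets, i):
    """Consume consecutive Signature packets from index i; return (next_i, types)."""
    types = set()
    while i < len(packets) and packets[i][0] == SIG:
        types.add(packets[i][1])
        i += 1
    return i, types

def check_tpk(packets, relaxed):
    """packets: (tag, sigtype-or-None) tuples in wire order; returns None if well-formed,
    else a reason. relaxed=False follows RFC 4880 section 11.1 as published;
    relaxed=True allows direct key signatures after the primary key and accepts a key
    without User ID if one is present (assumption of this example)."""
    if not packets or packets[0][0] != PUBKEY:
        return "first packet must be a Public-Key packet"
    i, key_sigs = take_sigs(packets, 1)
    if not key_sigs <= ({KEY_REVOCATION, DIRECT_KEY} if relaxed else {KEY_REVOCATION}):
        return "signature type not allowed directly after the primary key"
    user_ids = 0
    for kind in (USERID, USERATTR):           # User IDs first, then User Attributes
        while i < len(packets) and packets[i][0] == kind:
            user_ids += kind == USERID
            i, sigs = take_sigs(packets, i + 1)
            if not sigs <= CERT_SIGS:
                return "non-certification signature after User ID or User Attribute"
    while i < len(packets) and packets[i][0] == SUBKEY:
        i, sigs = take_sigs(packets, i + 1)
        if SUBKEY_BINDING not in sigs or not sigs <= SUBKEY_SIGS:
            return "subkey needs a binding signature (0x18), optionally a revocation (0x28)"
    if i != len(packets):
        return f"unexpected packet tag {packets[i][0]} at index {i}"
    if user_ids == 0 and not (relaxed and DIRECT_KEY in key_sigs):
        return "no User ID" + (" and no direct key signature" if relaxed else "")
    return None

# Constructed packet sequences (tags and signature types only, not real keys)
CLASSIC = [(PUBKEY, None), (USERID, None), (SIG, 0x13), (SUBKEY, None), (SIG, 0x18)]
NO_UID = [(PUBKEY, None), (SIG, DIRECT_KEY), (SUBKEY, None), (SIG, 0x18)]
BARE = [(PUBKEY, None), (SUBKEY, None), (SIG, 0x18)]

if __name__ == "__main__":
    for name, key in (("classic", CLASSIC), ("no-uid", NO_UID), ("bare", BARE)):
        print(name, check_tpk(key, relaxed=False), check_tpk(key, relaxed=True))
```
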